Ok, we've been seeing a "lot" of cases recently.
So far I have 10 known cases of people whose coins were stolen (someone logged in on the account using their password, traded USD for BTC, withdrew all the BTC). Considering we have now over 60000 accounts (2 months ago we had 10 times less), this seems to be a problem coming mainly from users.
Problem is many have been posting in various places (forums, reddit, twitter, irc, etc) causing a lot of fear among users when the problem is still fairly limited.
As I already replied to you, your funds were stolen by someone logging in to your account with your password. Your funds are right now on a bitcoin address and have not moved since then.
As a reminder we assume no responsibility should your funds be stolen by someone using your own password.
The coins stolen from Mt.Gox were not stolen using any CSRF exploit... [the thieves] logged in on users' accounts using the correct login and password. We have logs showing the login succeeded on first try.
The idea of shutting down the Bitcoin exchanges when they heat up is just as repugnant to the central idea of Bitcoin as central banks are. Markets do get emotional at times, but that is something we all understand and accept. Shutting down a market is an artificial move that is in opposition to the concept of a free market. If an exchange took up such a policy, it would only incentivize the creation of new exchanges without such an artificial policy. If I can't trade my Bitcoins on Mt. Gox because it has "shut down," I'll simply go to another exchange that hasn't shut down. Even if all the currently existing exchanges colluded to shut down together, they would simply be granting enormous leverage for a newcomer to take all their volume. The concept of artificial market limits has no place in a free economy and cannot stand in one.
The bitcoin will be back to around 17.5$/BTC after we roll back all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST).
Service should be back by June 20th 11:00am (JST, 02:00am GMT) with all the trades reversed and accounts available.
One account with a lot of coins was compromised and whoever stole it (using a HK-based IP to log in) first sold all the coins in there, to buy those again just after, and then tried to withdraw the coins. The $1000/day withdraw limit was active for this account and the hacker could only get out with $1000 worth of coins.
Apart from this no account was compromised, and nothing was lost. Due to the large impact this had on the Bitcoin market, we will roll back every trade which happened since the big sale, and ensure this account is secure before opening access again.
UPDATE REGARDING LEAKED ACCOUNT INFORMATION
We will address this issue too and prevent logins from each user. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to log in on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.
I have hacked into mtgox database. Got a huge number of logins password combos.
Mtgox has fixed the problem now. Too late, cause I've already got the data.
Will sell the database for the right price.
Send your offers to:
TradeHill has recently learned that a large number of user accounts at a competing Bitcoin exchange have been compromised. Because of the possibility that our users may have used the same password on multiple exchanges, we will be halting the ability to trade or withdraw funds for a few hours. We hope this will give all of our users time to reset their passwords if needed. You can reset your password by clicking on your username in the upper right of the website. This is merely a precaution, and we do not have any evidence that our site has been compromised in any way. More info soon.