[amalag]

In this analogy, his cash was held by the bank. He can say someone impersonated him to send it. But unfortunately he did not take advantage of two factor authentication and he got phished.

Actually from reading more, i don't understand if MtGox is involved at all. Did the executable just steal the wallet.dat file from his hard drive and have nothing to do with MtGox?

[ghshephard]

Yeah - I'm unclear what's happening here as well. Did his bitcoins get stolen from wallet.dat, or did they get stolen from MtGox?

[dariopy]

Did you read the FA? It was clearly stated that 1. the transaction took place in MtGox, and 2. the rest of his bitcoins were safely encrypted in his hard disk.

[ghshephard]

Right - I read that part. But then, I read the exploit, which is the running of a .exe on his local system, and not a javascript XSS attack. It's very confusing.

Perhaps the .exe logged into his MtGox account through the browser? If so - I don't understand why he would think MtGox is culpable in any way, particularly if he was running java in the browser, clicked YES to all the warnings that said horrible things were going to happen to him, AND wasn't running two-factor auth on his account.

He went out of his way to let the hacker exploit his system. I would hope that anyone as "technically savvy" as him would have known these were all really, really bad things to do.

If there is any consolation, it's that the 34 bitcoins are likely going to be worth less than a $1000 by the end of today.