Putting aside the way the Bitcoinica account got compromised, I wanted to mention that I learned the hard way that either Mt.Gox is rife with security holes or a lot of these breaches are actually insider jobs from someone working at MtGox : A month back I realized that I had around 40 BTC lying around and decided to sell them on MtGox. First, my Mt.Gox is mostly inactive, so I actually had to reset my password and setup a new one that I had never used before. Then, after I sold my coins, I realized I cannot transfer my money to my Dwolla account; MtGox needs a scanned copy of my SSN! While I was deliberating whether I should trust MtGox with my SSN, 24 hours had passed, and I got an automated email from MtGox saying my money had been converted to bitcoins and has been transferred! Everything gone! So, the fact that :
1. My account was mostly inactive.
2. I had recently changed my account password to a new more complex one : 2 upper caps, 5 lower case, 2 numbers and one special character.
3. My money was sitting in my account for only 24 hours.
4. The time between my money getting converted to bitcoins and the actual transfer was just a few seconds, as if an automated script scans all accounts and the performs some tasks on them.
So, in short, please don't put all the blame on Bitcoinica. Something's wrong at MtGox too :)
Not that there aren't any keyloggers for Linux, I never found anything suspicious, nor have any of my other accounts been breached into. But yeah, if there is a keylogger, I bet it got installed from the Mt.Gox website itself ;)
