What worries me that the bittrex people still have no clue as to what happened, the flaw or hack is most likely still open for abuse.
If anything does go wrong with your account, YOU ARE ON YOUR OWN!
Bittrex in no way will except any liability at all.
https://bitcointalk.org/index.php?topic=463202.msg14402160#msg14402160Seems my account has been hacked.
Unique password, only existing in my head.
Coins seem to be dumped and then the hacker bought YBC and dumped them to himself for a low price because he couldn't withdraw...
AMP and RBR both gone...
Fuck...
It cant be that good password if he guessed it or he had a keylogger on your computer. You should use 2FA to protect you from this. Haven't typed the password in over a year, was cached in browser. Scanned my PC with every available tool (+ is protected by ESET) but no keylogger found Password was unique for Bittrex and 14 characters long (random generated). But 2FA was not setup... my account is the same... password 12 characters with big small letters and numbers... 2FA not setted too  is there some way to get contact with some bittrex support ? i like to see login history. |
|
|
|
|
Here is a sample e-mail I'm getting from Yobit:
"Yobit Mailer
Dear User!
Your account was logged in.
Login: User
IP: XXX.XX.XX.XX
Date: 05.04.2016 11:08
Sincerely yours,
Team of Yobit.Net"
|
|
|
|
I'm having 0 connections to Caponecoin network the last days Any nodes? |
|
|
|
Hmmm so Massive premine (and no indication on what it is for) Waaaayyyyyy to many coins, Pools not working, Righhhhht
No, ypool is up and working for me (though I haven't tried withdrawing yet). It seems that most people are pooling their hashes there.  My automatic payment of 50k DXC doesn't show up on my wallet, nor on the blockchain, yet on the pool site it says "Confirmed"... What is happening? Well, it takes some time  |
|
|
|
So, what happened to this shit again, liver or something else? Anyone from Brazil here? |
|
|
|
Hmmm, supply looks kinda too big. I think I just may pass on this one, though if we get a quick pool I might throw some hash on it.
Hey notsofast, are you dumping the coins, or it's dev |
|
|
|
Looks like other ocminer's pools are not fucntioning either ooops, sorry -- no ocminer pool here....  http://ypool.ga/devil -- working now  |
|
|
|
i haven't tried all of them so there's no guarantee
0.01 BTC |
|
|
|
You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.
we know the Local PCs were probably not compromised. I'm 100% sure that local pcs (at least my own) were not compromised. Now, when I set 2FA on all the exchanges I trade and changed the passwords all over, made a thorough examination of all pcs, updated antiviruses and firewalls, and bought me another big pack of condoms I can say that if my local pcs would be compromised the attacker would steal much more money from me easily  |
|
|
|
I don't think this is an inside job. From what I've understood, so far 3 people confirmed they were "hacked" and 23,5 BTC were lost. That's a lot (at least from my perspective), but it would be stupid for Bittrex to risk their reputation for such amount. Imho, Richie is right (I'm not kissing your ass!) to act somehow diplomatic and not to reveal some things (such as how many accounts were compromised). Bittrex also didn't announce it on Twitter, which is again the right way, because otherwise it may cause unnecessary panic. Guys (those who lost your coins), I can only imagine how you feel about this and I'm really, really sorry for your loss, but it seems like nothing can be done here. Perhaps you are right that nothing can be done here, but at least we can try to identify and find that scum. Once again I propose to turn on immediate e-mail notifications for all users on each entrance to bittrex with the detailed information like time, IP address, browser info and such and perhaps even on each trade the users complete (since attacker can use compromised API keys as well). Now, even after 2FA set, I don't receive any alerts on failed attempts IMO, if this would be done before, people wouldn't incur all these losses... |
|
|
|
I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially. LOL wtf...I have bad OPSEC give me my money back... Have I asked for your opinion? I wish you each time you get into any kind of trouble in your life to have an asshole, who will appear before you and tell you "it's your fucking fault". Now you can go and fuck yourself  |
|
|
|
The attacker traded down, and withdrew on the other side richie.
No withdraw was made from my end.
Forgive me but i don't think i heard anyone say that before. Can you say that in a different way? And Ritchie i hope you do not get pissed off & leave. Understand i was trying to be objective and look at all angles and not attack your Exchange. If it seemed that way i apologize to you and i don't have much more "FUD" to post here.. So you can likely carry on here with out me instead  I'd just like to see you all build a picture and include every bit of info possible. Explore all leads no matter how unlikely etc. And to me it's scientific and nothing personal against anyone. Good luck guys and sorry to hear about your bad news I don't get pissed off But yes, I alluded to that fact earlier, but never called it out explicitly, my bad. In all cases, the attacker did "bad trades" to move funds around and withdrew from the other side. I'm happy to discuss any aspect of this that I am allowed to (without violating our privacy policies etc). I'm also here to help chase down leads if there are any. I'm a fan of putting as much data together as possible and building a picture. I just get frustrated and find it a waste of time when people start going down the "prove you're not hacked/bad" line of thinking because it's impossible to prove a negative. Also realize, I'm spending time in here trying to be helpful. If i planned on mt.cryptsypalrushin' anyone, I wouldn't bother engaging the community on this issue at all. Something obviously is going around and I want to help put a stop to it. Thanks, Richie Hi Richie, Since the only common denominator for us who had coins stolen is absence of 2fa, could you provide detailed info on the attacker? Only you have a full picture of what happened or happens now.How many accounts compromised out there? Is that multiple or a couple? Do these accounts have anything in common except absence of 2fa? Are all the accounts of the attacker are new or he used some old accounts? Are all the IPs of the attacker are different each time? What coins and exact BTC/alts addresses were used to withdraw the funds? And the last question: Why in your opinion only Bittrex accounts were compromised? Meanwhile, I would strongly advise to turn on immediate e-mail notifications for all users on each entrance to bittrex with the detailed information like time, IP address, browser info and such and perhaps even on each trade the users complete. Needless to say this step would prevent further losses of your customers. I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially. Regards |
|
|
|
is this coin dead?
What?  The dev is dead? The trading is smoothly going on YOBIT So i think it is not dead sMOOTHLY? AHHAH its at 5 satoshi bro, down from 750 satoshis 1 week ago... I think Dev has good future plans The dev is dead... RIP  |
|
|
|
Don't have 2fa enabled yet, should probably do that anytime soon haha.
It's not haha, it's fucking serious... |
|
|
|
leigh2k14,
Did you use the same email and password for any mining pool or other sites?
No, I haven't mined for quite some time. It's unique to bittrex. so are you telling that your computer was hacked and that is how you lost your BTC's right . if you are having an unique password for bittrex then it is the only possible way. We are still trying to establish weather it was our machines that were hacked or bittrex, having a password unique to bittrex doesn't make it un hackable. I guess it's time to change the subject to "ALERT! Multiple Bittrex accounts hacked, TURN ON 2FA!!!" |
|
|
|
I just had a thought, if this attack was initiated from my machine, then why wasn't any other of my exchange accounts effected? Why just bittrex?
Good question, indeed! Now when I have changed all passwords, turned on 2FA all over even for my microwave, bought big pack of condoms and such, may I also ask the same: why only bittrex? |
|
|
|
hmm interesting how this is turning out.
I have sort of known Ryan and chatted with him a bunch of times last few years.
And best i could tell he seemed like an honest guy.
I last talked to him i think on Cryptsy's Freenode IRC channel.
Where i do know Bittrex-Ritchie hangs out (and i believe is higher up than Ryan)
SO you *may get answers if you go on IRC and find Ritchie.
So i checked my account and it was fine and i have no 2fa either.
I also have maybe $20 worth of coins LOL
But this got me thinking if a hacker is trying multiple accounts
why has no one come forward saying they got alerts from failed login attempts ?
Like how would you know the account has 2fa or not unless you TRIED logging in?
Like i have used my email on places and i notice some attempts randomly to get into my Steam account (all failed)
Point being is i get a validation email + warning etc.
So if no one is getting any alerts then how the fuck does the hacker
know how to choose only accounts with no 2fa.. unless they work there LOL
I could work at an exchange then rip-off all kinds of guys and i would of course pick the guys with no 2fa
then i would tell them all well you got hacked noobs.. fix your Norton + updates yur Bitcointalk !
Interesting theories, i'm leaning towards, the bittrex servers being compromised, and the hacker is picking off all the accounts without 2fa with at least 1BTC in them. I think your $20 is safe lol. On other exchanges, I get login successful or failed email notifications, not on bittrex though. How does the attacker know if the account has 2fa? Unless they try logging on to them one by one. Firstly, please stop trying to generate fud; its completely unproductive. If our servers were compromised, there are way easier ways to get your money out. It doesn't make any sense. What I can tell you is that there have been multiple accounts hacked with the same pattern, all within the last 48 hours. I can also tell you that none of the affected accounts had logins from suspicious or unknown IPs which leads us to believe it is a rooted machine vs credential lost. Lastly, this isn't specific to an OS based on the UA strings we've seen which points to some kind of browser plugin/toolbar. Please crowdsource this to figure out commonalities and please turn on 2fa if you do not have it on. Thanks richie@bittrex UNKNOWN_IP_LOGOFF 109.93.135.147 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 15:06:14.713 LOGIN 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:01:36.360 |
|
|
|
Here is the answer I've got Bittrex:
Ryan Hentz (Bittrex)
Apr 2, 19:08
Hi,
Our records show that all orders placed on your account were done so from your typical login ip. This means the attacker somehow has access to your machine. Have you installed any new software recently? This includes things like browser plugins.
The attacker also immediately withdrew the coins from his account via the api. There is no way to recover the funds.
Please make sure to enable 2fa to protect your account from being breached in this way.
Thank you,
Ryan The whole day I'm trying to find any traces in my local machines. Nothing so far Any findings, leigh2k14? I haven't found a thing yet mate, ask bittrex for proof that your account was accessed from your machine If they are lying to us then the problem is on their end. Sure, I've asked for the logs, because I see not any single evidence of intrusion locally. |
|
|
|
|
Show Posts
