Bitcoin Forum
November 18, 2024, 11:01:40 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1]
1  Economy / Exchanges / Re: Got hacked and lost $30,000 on hitbtc, avoid this garbage site on: December 19, 2017, 03:07:46 AM
Quote from: Slow death on December 18, 2017, 07:59:38 PM
I'm lost in this story and as I am someone curious there are some things that I would like to know:

when you login to your hitbtc account, they do not send a link to you to click and authorize your entry in your hitbtc account?

when you withdraw any currency, do not you receive an email containing the link that authorizes the withdrawal of that currency?

Do you have an picture of the negotiation history of your account?

Do you have a picture of the history of withdrawals from your account?
No, you don't need to click a link to authorize your entry in hitbtc.

Yes, email authorization is required to withdraw. However, the hacker did not withdraw anything directly from my account. He simply converted all my coins to some altcoins with a price that is much lower than the market price. I believe he took the order that he placed on the orderbook using his own account.

My original post contains the trading history after my account being hacked.

No, as I just mentioned, the hacker did not withdraw anything.
2  Economy / Exchanges / Re: Got hacked and lost $30,000 on hitbtc, avoid this garbage site on: December 18, 2017, 06:58:46 PM
Quote from: Colorblind on December 18, 2017, 06:39:09 AM
I would say you are wrong. I don't see as a possibility that hacker could somehow intercept e-mails from exchange. They simply knew your password then logged in. Since they did no access to e-mail they couldn't just withdraw so they had to execute "low volume" scam - i.e convert everything to BTC then buy some low volume coin for those btc from their own account. If you had 2fa you would probably be fine, but the only thing you can do is to ask exchange to look into attacker's account information (since they know who was doing low volume scam).
Don't get your hopes up, since if it was me running an exchange I would most certainly refuse to assist you for numerous reasons (but the main would be the fact you did not have 2fa and exchange can simply blame you in this case to avoid any hassle).

Sorry for your loss. Hope you resolve this somehow.


It seems impossible that hacker can somehow intercept the emails. And this was part of the reason I thought my coins would be safe without 2FA. But the thing is, the hacker indeed found a way to do that. Almost all victims got hacked by resetting the password. This shows the hacker does not know the original password. There's is no other ip login history in my email account. Thus, the hacker has no access to my email account. Also, I never click the password reset link myself. Then the only explanation is that the hacker intercepts the emails sending by hitbtc.

hitbtc is using a third-party email service, which I think is https://mandrillapp.com/. My guess is that either the hacker hacked into the servers of this particular email service, or the hacker is an internal member of that email service. The worst possibility would be this is done by hitbtc's own employee.
3  Economy / Exchanges / Re: Lost $30,000 on hitbtc, avoid this garbage site on: December 18, 2017, 03:30:30 AM
First, I would like to thank all the replies. I already contacted hitbtc support. But if you have ever dealt with them, you would know it takes forever for them to respond.

Second, for anyone who wants screenshot, I found this: https://pbs.twimg.com/media/DROFJlFWsAErNqt.jpg:large

I'm still trying to collect all the info for proof, I will post again when I am 100% ready.

Third, I certainly understand that not activating 2FA is my fault. But clearly the hacker has a way to intercept the emails, you can check this post: https://thebitcoin.pub/t/my-account-was-hacked-on-hitbtc/14153

Also, this happened to other people. For example: https://forum.hitbtc.com/discussion/comment/8314

I'm writing this in hope to find someone who also got hacked recently. Together we can form a group and force hitbtc to get our money back. We can initiate a court fight if that's necessary. In addition, I'm trying to warn everyone: hitbtc is a scam site, don't use it!
4  Economy / Exchanges / Re: Lost $30,000 on hitbtc, avoid this garbage site on: December 18, 2017, 03:11:58 AM
Quote from: mobnepal on December 16, 2017, 09:11:36 AM
Your $30,000 vanished just because of hacker selling it at lower price than what he have bought at? Why would he will spend his hours to make such a silly move rather than just wait for next few hours to be able to withdraw all those money out.

Also if you have some screenshots of your account than post it.

If you haven't activated 2FA there than actually its you who are responsible for this security breach also you might have used your email password in other sites too without any additional security measures activated in your email account.

If I remember correctly, you need to click the email verification link to withdraw. The hacker has no access to my email account, thus can't withdraw. But he can trade. BTC/SWT is a very small pair. Say I have 1 BTC, then the hacker sold the BTC with the price of 1 BTC = 0.1 SWT, then bought BTC again with the price of 1 BTC = 10 SWT. Boom, I only have 0.01 BTC now, a huge part of my money is gone. This can only be done in a very small volume pair.

I am definitely responsible since I did not active 2FA. But this problem already happened one month ago. See this post: https://thebitcoin.pub/t/my-account-was-hacked-on-hitbtc/14153

One month later, same thing happened again. It's impossible to say this is solely my problem. hitbtc should also be blamed.
5  Economy / Exchanges / Re: HITBTC - LOSS OF MONEY / SCAM / THIEVES on: December 16, 2017, 02:48:24 AM
Does anyone get their money back eventually? My hitbtc account was hacked yesterday. And their support still hasn't replied.
6  Economy / Exchanges / Got hacked and lost $30,000 on hitbtc, avoid this garbage site on: December 16, 2017, 02:39:31 AM
I believe this is what happened: the hacker hacked into the mail server of hitbtc or intercepted the password reset email triggered by him, then reset my password and gained access to my account. The login history of my email box showed no abnormal access at all; the password reset email that the hacker triggered was received unread. The hacker can't withdraw anything after resetting the password; however, he converted all my coins to BTC, then bought expensive SWT orders placed by him, and then sold the SWT to a very cheap order that was also placed by him. He repeated this process a couple times, then all my digital assets worth $30000+ were almost gone. Even though I have perfect security on my computer, even though the hacker cannot withdraw anything from my account, my $30000+ are all gone.

From what I have seen, this security problem has been there for quite a while. Yet, hitbtc did nothing to prevent this from happening again. Shame on them. I'm writing this in hope to find someone who also got hacked recently. Together we can form a group and force hitbtc to get our money back. We can initiate a court fight if that's necessary.

Here's my trading history after being hacked. You can see the hacker bought SWT with a very high price and then sold them with a much lower price.
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!