 Show Posts
|
|
Pages: [1]
|
|
Here is part of IP log:
UNKNOWN_IP_WITHDRAWAL_2FA_SUCCESS 77.57.136.72 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-02 16:30:13.493
...
UNKNOWN_IP_WITHDRAWAL_2FA_SUCCESS 109.93.97.80 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 15:41:12.950
WITHDRAWAL_2FA_SUCCESS 130.180.240.144 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 15:11:21.250
...
ENABLE_2FA 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:06:10.803
PENDING_2FA 130.180.240.144 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:05:43.910
LOGIN 130.180.240.144 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:02:26.340
LOGOFF 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 13:58:49.360
LOGIN 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 13:42:30.803
...
LOGOFF 74.135.30.68 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 2016-03-31 00:31:19.547
LOGIN 74.135.30.68 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 2016-03-31 00:27:37.903
...
So they hacked in on March 31st, started on April 1st at 13:40, took them about half an hour to enable 2fa, and rest is known story. Known and unknown random IPs. Finished on April 2nd at 16:30
|
|
|
|
Sounds more like money laundering, then them trying to steal your coins. It would be interesting to see what account was at the other end of most of those trades.
BTC from my account were withdrawn to these adresses: April 2nd 1HUznZ7QibU6TgjPzEU5aioBDPBST9sojc April 1st 1AhoUxM2MyNrBzRb6Y51WZHS1y9rzYtgro |
|
|
|
|
Bittrex is monitoring this thread, they say my computer is compromised, and that is not so. My bittrex account and mail were compromised, but still I haven't recieved IP adresses used for login on April 1st and 2nd.
They are refusing to take any responsibility in terms of bad security and refunding mere 0.2 BTC, although they should have forced use od 2fa, not leaving it as a option. Furthermore, talking about security, they unlocked my account's 2fa after just one email, so even if I had used 2fa, if my mail was hacked, bittrex account could have been not only hacked but unlocked by staff.
Also, they haven't announced how many accounts were hacked.
Looking at many coin price charts, there is evident and huge price drop on April 1st, so it must be huge amount of coins, which can't come from a handfull of accounts. This must be something going on on a big scale.
They are making fools of themselves for cheap. Classic assholes.
I don't care about 0,2 BTC and bloody bittrex, but it's thing of principles.
|
|
|
|
|
No, no no!
That was not my money.
I had ~4000 FTC and 0.1 BTC there.
Somehow with those transactions they made 50 BTC and took them away.
They enabled 2fa so they can withdraw without mail confirmation, and I can't login to stop them.
Bittrex security=0
|
|
|
|
They reset 2fa, I managed to enter my account HOLY SHIT!!!All my funds (FTC and BTC) were used in about 715 transactions with various coins: apex, arb, uro, smbr, kore, tron, grs, lxc, excl, tri, ybc, xdq, root, ftc, lxc and xqn, in period April 1st-April 2nd. Here is transaction history: https://drive.google.com/file/d/0BzKo9AFn9Gq-TThiQXdzSG5zZnM/view?usp=sharingIn the same period 30 BTC withdrawals occured, and total of about 50 BTC were withdrawn!!!! I had about 4000 FTC and 0,1 BTC before all that. How they made 50 BTC?! Now I'm left with 600 FTC in stuck wallet, 0.49 YBC, 11.8 SHF and 113.6 APEX. |
|
|
|
|
I haven't found any confirmation message in my inbox, but, strange, in history of mail client (yahoo) saw one unusual login at 01/04/2016 from strange IP adress, at the time I was at work. Also, no emails about failed login attempts due to loss of 2fa code.
All withdrawals from bittrex were in unusual time of day, when I sleep (12PM-6AM) or work (7AM-2PM), all times listed are UTC, my time is 2 hours more:
1. 96d4871660... 1140320 2016-03-23 07:47:59 (337) 3168.073 FTC
2. 49070b78b9... 1145748 2016-03-27 06:11:01 (727.256) 2891.217 FTC
3. 2aa6fa781d... 1148866 2016-03-29 12:18:35 (150.3) 2890.917 FTC
4. 47ce3e6709... 1152859 2016-04-01 09:32:21 (150.4) 3040.817 FTC
5. fd92b04175... 1161352 2016-04-07 13:28:55 (351.608) 3139.509 FTC
If 2fa is enabled, does every withdrawal need email confirmation? I'd like to see login info from bittrex staff.
|
|
|
|
|
Yes, I have, but no reply yet.
|
|
|
|
|
I have similar problem with bittrex account hacking.
2fa was disabled.
I haven't logged couple days and when I tried to login today, I was asked to enter 2fa code, which, obviosly, I don't have.
Looking at transactions from my FTC wallet in explorer, I noticed payout of ~350 FTC on 07/04/2016 and two times ~150 FTC day or two before, which I havent initiated nor approved. That is all available funds over funds that were reserved in trading order.
Now I can't login to my account nor withdraw ~4000 FTC and 0,1 BTC I have.
Also, FTC wallet on bittrex is in maintenance mode now, and BTC market also is blocked, no trading since 07/04/2016.
Something big is happening.
|
|
|
|
|
