Multiple Bittrex accounts hacked everyone enable 2fa

[chilly2k]

No, no no!

That was not my money.

I had ~4000 FTC and 0.1 BTC there.

Somehow with those transactions they made 50 BTC and took them away.

They enabled 2fa so they can withdraw without mail confirmation, and I can't login to stop them.

Bittrex security=0

   Sounds more like money laundering, then them trying to steal your coins.  It would be interesting to see what account was at the other end of most of those trades. 

[Keketarac]

Bittrex is monitoring this thread, they say my computer is compromised, and that is not so. My bittrex account and mail were compromised, but still I haven't recieved IP adresses used for login on April 1st and 2nd.

They are refusing to take any responsibility in terms of bad security and refunding mere 0.2 BTC, although they should have forced use od 2fa, not leaving it as a option. Furthermore, talking about security, they unlocked my account's 2fa after just one email, so even if I had used 2fa, if my mail was hacked, bittrex account could have been not only hacked but unlocked by staff.

Also, they haven't announced how many accounts were hacked.

Looking at many coin price charts, there is evident and huge price drop on April 1st, so it must be huge amount of coins, which can't come from a handfull of accounts. This must be something going on on a big scale.

They are making fools of themselves for cheap. Classic assholes.

I don't care about 0,2 BTC and bloody bittrex, but it's thing of principles.

[Keketarac]

   Sounds more like money laundering, then them trying to steal your coins.  It would be interesting to see what account was at the other end of most of those trades. 

BTC from my account were withdrawn to these adresses:

April 2nd    1HUznZ7QibU6TgjPzEU5aioBDPBST9sojc
April 1st    1AhoUxM2MyNrBzRb6Y51WZHS1y9rzYtgro

[orryde]

It sounds like bittrex are having some serious problems. I moved all my coins off bittrex today and moved them to poloniex.
I wont use bittrex anymore after reading this thread. They need to take responsibility. If it was just one user then that's one thing. But multiple users. Its obvious their email database was hacked. Thank god the email I use there was made special for bittrex. Otherwise id have to change all my other accounts and email addresses. What a mess!

[leigh2k14]

They reset 2fa, I managed to enter my account

HOLY SHIT!!!

All my funds (FTC and BTC) were used in about 715 transactions with various coins: apex, arb, uro, smbr, kore, tron, grs, lxc, excl, tri, ybc, xdq, root, ftc, lxc and xqn, in period April 1st-April 2nd.

Here is transaction history: https://drive.google.com/file/d/0BzKo9AFn9Gq-TThiQXdzSG5zZnM/view?usp=sharing

In the same period 30 BTC withdrawals occured, and total of about 50 BTC were withdrawn!!!!

I had about 4000 FTC and 0,1 BTC before all that.

How they made 50 BTC?!

Now I'm left with 600 FTC in stuck wallet, 0.49 YBC, 11.8 SHF and 113.6 APEX.

Looks like your account laundered my coins.

Bitrrex will not except any liability at all.

Looks like someone found out a serious flaw and took advantage.

We still don't know how this attack actually happened yet, we should be concerned as the flaw is likely open.

[leigh2k14]

It sounds like bittrex are having some serious problems. I moved all my coins off bittrex today and moved them to poloniex.
I wont use bittrex anymore after reading this thread. They need to take responsibility. If it was just one user then that's one thing. But multiple users. Its obvious their email database was hacked. Thank god the email I use there was made special for bittrex. Otherwise id have to change all my other accounts and email addresses. What a mess!

It doesn't look good or them does it?

[proletariat]

It sucks for the people that were hacked but I'm 99.9% positive that your bittrex deposit addresses are just that.... for deposits, once there their internal ledger accounts for those coins and those coins may be given away when they fulfill other withdrawals etc.... I might be wrong but I don't think so. So no use being paranoid about tracking the funds in your deposit address apart from deposits. Their internal ledger is what matters.

[orryde]

It sounds like bittrex are having some serious problems. I moved all my coins off bittrex today and moved them to poloniex.
I wont use bittrex anymore after reading this thread. They need to take responsibility. If it was just one user then that's one thing. But multiple users. Its obvious their email database was hacked. Thank god the email I use there was made special for bittrex. Otherwise id have to change all my other accounts and email addresses. What a mess!

It doesn't look good or them does it?

No it does not. That's why I moved all my coins away from them!

[cryptoheadd]

It sucks for the people that were hacked but I'm 99.9% positive that your bittrex deposit addresses are just that.... for deposits, once there their internal ledger accounts for those coins and those coins may be given away when they fulfill other withdrawals etc.... I might be wrong but I don't think so. So no use being paranoid about tracking the funds in your deposit address apart from deposits. Their internal ledger is what matters.

Yes, Bittrex, being an exchange, stores the funds in cold wallets.

The withdrawals are processed through their hotwallet.
Tracking your address won't work, as once you deposit your funds, they are transferred to the hot/cold wallets on the next sweep. 

[orryde]

So what is bittrex doing about this?

[Keketarac]

Here is part of IP log:


UNKNOWN_IP_WITHDRAWAL_2FA_SUCCESS 77.57.136.72 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-02 16:30:13.493
...
UNKNOWN_IP_WITHDRAWAL_2FA_SUCCESS 109.93.97.80 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 15:41:12.950
WITHDRAWAL_2FA_SUCCESS 130.180.240.144 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 15:11:21.250
...
ENABLE_2FA 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:06:10.803
PENDING_2FA 130.180.240.144 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:05:43.910
LOGIN 130.180.240.144 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:02:26.340
LOGOFF 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 13:58:49.360
LOGIN 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 13:42:30.803
...
LOGOFF 74.135.30.68 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 2016-03-31 00:31:19.547
LOGIN 74.135.30.68 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 2016-03-31 00:27:37.903
...


So they hacked in on March 31st, started on April 1st at 13:40, took them about half an hour to enable 2fa, and rest is known story. Known and unknown random IPs. Finished on April 2nd at 16:30

[kiklo]

So what is bittrex doing about this?

From the looks of things, They are sorry for your Loss and that is about it. 
They refused to contact any legal authorities and are basically blaming the victims. (Bad Form on their part.)

 

[kiklo]

So they hacked in on March 31st, started on April 1st at 13:40, took them about half an hour to enable 2fa, and rest is known story. Known and unknown random IPs. Finished on April 2nd at 16:30

If 2fa was used , what was the Phone # attached to it.
Cell Tower records should hold the GPS location at the time it received the text, to help pinpoint the thief's physical location.
(That why Law Enforcement has to be brought in, they can get a warrant for the cell tower records. )


 

[cryptojacko]

So they hacked in on March 31st, started on April 1st at 13:40, took them about half an hour to enable 2fa, and rest is known story. Known and unknown random IPs. Finished on April 2nd at 16:30

If 2fa was used , what was the Phone # attached to it.
Cell Tower records should hold the GPS location at the time it received the text, to help pinpoint the thief's physical location.
(That why Law Enforcement has to be brought in, they can get a warrant for the cell tower records. )


 

I guess I'm following you around now.

You obviously don't understand how most of the exchanges 2FA works.  Polo and Bittrex both use google authenticator which has nothing to do with your phone # and doesn't talk back to anything, so what you are saying isn't even valid.

Reviewing this thread it looks like a very small amount of people clicked on something and gave an attacker their password.  This last guy even says someone turned on his 2fa, which is impossible without having access to his email account, which a few posts before he mentions an unknown IP logging in to his email.  Here you are the expert spewing foul, when its fairly obvious these users clicked something stupid or installed something stupid on their machines.  Lol less than 10 users out of thousands and thousands and you think its the exchanges fault.  You sure do beat up on all the exchanges out there.

What is your favorite exchange?  Seems you think they are all corrupt, maybe you should start a legit one.

[spartak_t]

Imho, its the victim's fault for losing their funds, but this thread should not be turned into in "I know better" type of opinions.

[kiklo]

I guess I'm following you around now.

You obviously don't understand how most of the exchanges 2FA works.  Polo and Bittrex both use google authenticator which has nothing to do with your phone # and doesn't talk back to anything, so what you are saying isn't even valid.

Reviewing this thread it looks like a very small amount of people clicked on something and gave an attacker their password.  This last guy even says someone turned on his 2fa, which is impossible without having access to his email account, which a few posts before he mentions an unknown IP logging in to his email.  Here you are the expert spewing foul, when its fairly obvious these users clicked something stupid or installed something stupid on their machines.  Lol less than 10 users out of thousands and thousands and you think its the exchanges fault.  You sure do beat up on all the exchanges out there.

What is your favorite exchange?  Seems you think they are all corrupt, maybe you should start a legit one.

Hey , that is what stalkers do , No shame there. 

https://www.google.com/landing/2step/#tab=how-it-works

    You'll enter your password
    Whenever you sign in to Google, you'll enter your password as usual.
    You'll be asked for something else
    Then, a code will be sent to your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your computer’s USB port.

See Phone, in the above quote.
Or if they used the security key instead , doubtful, but even so Google could cross reference it and give your some of the accounts the key is connected too,
such as Gmail, Google, GitHub, or Dropbox accounts, which would lead to more IPs , which one of them will lead back to the thief.

You are not one of those people that actually believe you can do anything on the internet and remain anonymous , are you?
FYI: Even Tor won't keep you safe , if the right people are looking for you.

Also what is this unknown IP crap, you guys keep passing out , network access and connection require an IP address,
even if they are behind a VPN, you get the VPN IP Address, from there you hit the VPN provider with a warrant and get their logs which lead you closer to the thief.
Even if they do it 20 times that next address is there to follow.

 

[kiklo]

Imho, its the victim's fault for losing their funds, but this thread should not be turned into in "I know better" type of opinions.

So I imagine you go to Women shelters and tell them it was their fault , that their husband smacked them around?

William Ryan coined the phrase "blaming the victim" in his 1971 book Blaming the Victim. In the book, Ryan described victim blaming as an ideology used to justify racism and social injustice

Fact ,
All Bittrex had to do, is contact the FBI, turn over the log information and then that is the end of any requirement they owe their users.
How much time, would that have taken, less time than what has been spent blaming the victims in this forum, No doubt.

 

[cryptojacko]

Imho, its the victim's fault for losing their funds, but this thread should not be turned into in "I know better" type of opinions.

So I imagine you go to Women shelters and tell them it was their fault , that their husband smacked them around?

William Ryan coined the phrase "blaming the victim" in his 1971 book Blaming the Victim. In the book, Ryan described victim blaming as an ideology used to justify racism and social injustice

Fact ,
All Bittrex had to do, is contact the FBI, turn over the log information and then that is the end of any requirement they owe their users.
How much time, would that have taken, less time than what has been spent blaming the victims in this forum, No doubt.

 

You are referring to 2-factor authentication for gmail and google accounts.  That is not the same as using the google 2fa open source code that does not link back to google at all.  The exchanges are using the later.

Oh anything can be traced if you have enough manpower.  Looks like Bittrex gave the users all the information about who logged into their accounts.  If those users want to find out who stole their stuff they should file police reports and get the process started.


The problem is this isn't women at the shelter because their husbands smacked them around.  It's because they were sleeping around with a trojan horse.  Their machines were hacked, not bittrex, the burden is on them, bittrex is just one piece of information that they can obtain, contacting the FBI would do nothing for these people as the FBI wouldn't even bother doing anything with this.

[kiklo]

You are referring to 2-factor authentication for gmail and google accounts.  That is not the same as using the google 2fa open source code that does not link back to google at all.  The exchanges are using the later.

Oh anything can be traced if you have enough manpower.  Looks like Bittrex gave the users all the information about who logged into their accounts.  If those users want to find out who stole their stuff they should file police reports and get the process started.

The problem is this isn't women at the shelter because their husbands smacked them around.  It's because they were sleeping around with a trojan horse.  Their machines were hacked, not bittrex, the burden is on them, bittrex is just one piece of information that they can obtain, contacting the FBI would do nothing for these people as the FBI wouldn't even bother doing anything with this.

So my frighten stalker returns,
It funny you claim to know their was no phone # attached to that specific 2fa.
Either Bittrex or Google has a Phone # stored for that 2fa account.

https://www.bittrex.com/Manage#section2Fa

Bittrex encourages the use of two-factor authentication
Two-factor authentication (2fa) greatly increases security by requiring both your password and another form of authentication. Bittrex implements 2fa utilizing Google Authenticator.
To enable this feature simply download Google Authenticator on your mobile device and scan the QRCode.

Once you have linked the Authenticator with Bittrex, enter the 6 digit code provided.

Please back up your secret key. Reseting your two - factor authentication requires opening a support ticket and may take up to 48 hours to address.

You claim to know alot, but give no details where you receive that info or even provide a reference.
Mostly you just make up stories with the pretense of knowledge, when it is apparent you are lacking in that area.

Bittrex has not given all of the log info to the users, they cited privacy laws, can you not even read the previous posts before you contradict just to be contradictory.
That the real issue, Bittrex is hiding data, that legally they could only give to the Legal Authority.

Are you and the others really so stupid, that you believe a hacker had total access to their PCs.
But did not go after their Bank Accounts or Credit Cards and only focuses on 1 crypto exchange and ignore every other exchange.
Are you really that Stupid?
Just Asking cause you seem to be that stupid.  

FYI:
The committed crime crossed State Lines, and would be in the the FBI jurisdiction not local Police.
Whether the FBI does anything is up to them, funny that Bittrex is afraid to report it to them.
https://www.fbi.gov/about-us/investigate/what_we_investigate

Spies. Terrorists. Hackers. Pedophiles. Mobsters. Gang leaders and serial killers. We investigate them all, and many more besides.

https://www.fbi.gov/about-us/investigate/cyber/computer-intrusions

 

[Namrekka]

Didn't find it clearly but:

- Is (was) your email account hacked?
- Do (did) you store, in your email box, sensitive things like PW and "confirmation links"?
- Can you share your email provider?