defined
|
|
April 03, 2016, 02:34:13 PM |
|
It doesn't matter about the withdrawal, they set a high price on a coin that they own and dump your coins, then buy the coins from themselves, so no withdrawal.
This makes sense. It also means my exchange accounts are less secure than I thought. I even see how anyone can profit from this: set a very high sale order on rare alt coins, and wait for a hacker to buy them all.
I have never heard of a keylogger existing on Linux
Keyloggers exist even in hardware:
I have 1/8th of a bitcoin at bittrex, and it already makes me nervous having so much at an exchange. People with 8 to 14 btc must be trading a lot, otherwise it is much safer to withdraw to your own wallet.
|
|
|
|
Aesthete
|
|
April 03, 2016, 02:39:24 PM |
|
yesterday my bittrex account was also hacked 14 btc were withdrawn through transactions with YBC and XDQ ://
That sucks man, sorry for your loss. That makes 3 accounts accessed so far, there is a pattern forming. Have you been in touch with bittrex? Hmm, I'm starting to think that bittrex has been compromised. I'm going to ask for proof that my account was accessed through my machine. I suggest you do the same. This could be a bigger problem, than we think.
yes, they wrote me same as others "Unfortunately, there is nothing we can do to recover your funds" and "The attacker sold the coins from the same IP you typically login" I think affected a lot more, but not all have understood it and found this thread
|
|
|
|
leigh2k14 (OP)
Legendary
Offline
Activity: 1288
Merit: 1000
|
|
April 03, 2016, 02:47:21 PM |
|
yesterday my bittrex account was also hacked 14 btc were withdrawn through transactions with YBC and XDQ ://
That sucks man, sorry for your loss. That makes 3 accounts accessed so far, there is a pattern forming. Have you been in touch with bittrex? Hmm, I'm starting to think that bittrex has been compromised. I'm going to ask for proof that my account was accessed through my machine. I suggest you do the same. This could be a bigger problem, than we think.
yes, they wrote me same as others "Unfortunately, there is nothing we can do to recover your funds" and "The attacker sold the coins from the same IP you typically login" I think affected a lot more, but not all have understood it and found this thread
I think it's a lot more than just us three, that would put the blame on bittrex's side, ask them for your logs. Did you have 2fa enabled?
|
|
|
|
CosaNostra
|
|
April 03, 2016, 02:59:16 PM |
|
Here is the answer I've got Bittrex:
Ryan Hentz (Bittrex)
Apr 2, 19:08
Hi,
Our records show that all orders placed on your account were done so from your typical login ip. This means the attacker somehow has access to your machine. Have you installed any new software recently? This includes things like browser plugins.
The attacker also immediately withdrew the coins from his account via the api. There is no way to recover the funds.
Please make sure to enable 2fa to protect your account from being breached in this way.
Thank you,
Ryan
The whole day I'm trying to find any traces in my local machines. Nothing so far. Any findings, leigh2k14?
I haven't found a thing yet mate, ask bittrex for proof that your account was accessed from your machine. If they are lying to us then the problem is on their end.
Sure, I've asked for the logs, because I see not any single evidence of intrusion locally.
|
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 03:07:42 PM |
|
Just got this reply from bittrex:
Ryan Hentz (Bittrex)
Apr 3, 07:38
Hi,
It doesn't matter how many have lost their funds, if you all downloaded the same software it makes perfect sense.
I'll get this to someone who can send you the login history data.
Thank you,
Ryan
|
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 03:09:57 PM |
|
The thing is that I've stupidly been keeping my coins on the exchange, I haven't downloaded a wallet for several weeks, even then because I'm a Linux user, I always compile from github source.
|
|
|
|
Aesthete
|
|
April 03, 2016, 03:10:48 PM |
|
.. Did you have 2fa enabled?
no
|
|
|
|
Namrekka
Newbie
Offline
Activity: 50
Merit: 0
|
|
April 03, 2016, 03:11:44 PM |
|
Did you use a public wifi spot? Is your wifi in your house protected? How many persons do have access in your (home)network?
|
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 03:17:25 PM |
|
Did you use a public wifi spot? Is your wifi in your house protected? How many persons do have access in your (home)network?
I'm on my home network, cable only, wifi is disabled, I don't like to use it. Due to the security and health implications. Only I have access to the network.
|
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 03:18:28 PM |
|
.. Did you have 2fa enabled?
no
I thought so.
|
|
|
|
Spoetnik
Legendary
Offline
Activity: 1540
Merit: 1011
FUD Philanthropist™
|
|
April 03, 2016, 03:27:03 PM |
|
hmm interesting how this is turning out. I have sort of known Ryan and chatted with him a bunch of times last few years. And best i could tell he seemed like an honest guy.
I last talked to him i think on Cryptsy's Freenode IRC channel. Where i do know Bittrex-Ritchie hangs out (and i believe is higher up than Ryan)
SO you *may get answers if you go on IRC and find Ritchie.
So i checked my account and it was fine and i have no 2fa either. I also have maybe $20 worth of coins LOL
But this got me thinking if a hacker is trying multiple accounts why has no one come forward saying they got alerts from failed login attempts ? Like how would you know the account has 2fa or not unless you TRIED logging in? Like i have used my email on places and i notice some attempts randomly to get into my Steam account (all failed) Point being is i get a validation email + warning etc.
So if no one is getting any alerts then how the fuck does the hacker know how to choose only accounts with no 2fa.. unless they work there LOL
I could work at an exchange then rip-off all kinds of guys and i would of course pick the guys with no 2fa then i would tell them all well you got hacked noobs.. fix your Norton + updates yur Bitcointalk !
|
FUD first & ask questions later™
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 03:33:02 PM |
|
Interesting theories, i'm leaning towards, the bittrex servers being compromised, and the hacker is picking off all the accounts without 2fa with at least 1BTC in them. I think your $20 is safe lol. On other exchanges, I get login successful or failed email notifications, not on bittrex though. How does the attacker know if the account has 2fa? Unless they try logging on to them one by one.
|
|
|
|
alyssa85
Legendary
Offline
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
|
|
April 03, 2016, 03:46:12 PM |
|
The thing is that I've stupidly been keeping my coins on the exchange, I haven't downloaded a wallet for several weeks, even then because I'm a Linux user, I always compile from github source.
What was the last wallet you downloaded? Which coin, I mean. Same question to the others who were hacked.
|
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 03:51:31 PM |
|
The thing is that I've stupidly been keeping my coins on the exchange, I haven't downloaded a wallet for several weeks, even then because I'm a Linux user, I always compile from github source.
What was the last wallet you downloaded? Which coin, I mean. Same question to the others who were hacked.
Last wallet I compiled on this machine was Britcoin, I know the devs on that one plus I got the source from github. That was about a month or more ago.
|
|
|
|
richiela
|
|
April 03, 2016, 04:21:07 PM |
|
Interesting theories, I'm leaning towards, the bittrex servers being compromised, and the hacker is picking off all the accounts without 2fa with at least 1BTC in them. I think your $20 is safe lol. On other exchanges, I get login successful or failed email notifications, not on bittrex though. How does the attacker know if the account has 2fa? Unless they try logging on to them one by one.
Firstly, please stop trying to generate fud; it's completely unproductive. If our servers were compromised, there are way easier ways to get your money out. It doesn't make any sense. What I can tell you is that there have been multiple accounts hacked with the same pattern, all within the last 48 hours. I can also tell you that none of the affected accounts had logins from suspicious or unknown IPs which leads us to believe it is a rooted machine vs credential lost. Lastly, this isn't specific to an OS based on the UA strings we've seen which points to some kind of browser plugin/toolbar. Please crowdsource this to figure out commonalities and please turn on 2fa if you do not have it on.
Thanks
richie@bittrex
|
|
|
|
btcxyzzz
Legendary
Offline
Activity: 888
Merit: 1000
Monero - secure, private and untraceable currency.
|
|
April 03, 2016, 04:25:15 PM |
|
Using Windows crap OS?
|
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 04:34:54 PM |
|
Interesting theories, I'm leaning towards, the bittrex servers being compromised, and the hacker is picking off all the accounts without 2fa with at least 1BTC in them. I think your $20 is safe lol. On other exchanges, I get login successful or failed email notifications, not on bittrex though. How does the attacker know if the account has 2fa? Unless they try logging on to them one by one.
Firstly, please stop trying to generate fud; it's completely unproductive. If our servers were compromised, there are way easier ways to get your money out. It doesn't make any sense. What I can tell you is that there have been multiple accounts hacked with the same pattern, all within the last 48 hours. I can also tell you that none of the affected accounts had logins from suspicious or unknown IPs which leads us to believe it is a rooted machine vs credential lost. Lastly, this isn't specific to an OS based on the UA strings we've seen which points to some kind of browser plugin/toolbar. Please crowdsource this to figure out commonalities and please turn on 2fa if you do not have it on. Thanks richie@bittrex
Thanks for the reply richie. Means this is a cross platform attack, and the attack was from user IPs (yet to be confirmed) some sort of browser plugin hack makes more sense. Just checked my browser plugins in firefox, I didn't see anything that wasn't supposed to be there, that being said they could have modified an existing plugin. Please mail the affected users with their login logs so we can double check that it was an attack initiated from our local machines. So how many accounts have been affected? I suggest that all people affected reformat your OS, it can't be trusted anymore.
|
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 04:47:14 PM |
|
I just had a thought, if this attack was initiated from my machine, then why wasn't any other of my exchange accounts affected? Why just bittrex?
|
|
|
|
richiela
|
|
April 03, 2016, 05:10:51 PM |
|
I just had a thought, if this attack was initiated from my machine, then why wasn't any other of my exchange accounts affected? Why just bittrex?
I can't say exactly how many accounts were affected, but it is an uptick from our normal volumes. I have no clue why nothing else was affected, but I've sent your logs to you via the ticket. If you want to ask any other questions, feel free to find us in our slack - slack.bittrex.com. thanks, richie@bittrex
|
|
|
|
leigh2k14 (OP)
|
|
April 03, 2016, 05:31:46 PM Last edit: April 03, 2016, 06:18:52 PM by leigh2k14 |
|
I just had a thought, if this attack was initiated from my machine, then why wasn't any other of my exchange accounts affected? Why just bittrex?
I can't say exactly how many accounts were affected, but it is an uptick from our normal volumes. I have no clue why nothing else was affected, but I've sent your logs to you via the ticket. If you want to ask any other questions, feel free to find us in our slack - slack.bittrex.com. thanks, richie@bittrex
Please keep us updated if you find out any more info. Errrr, I feel violated
|
|
|
|
|