cdub
Newbie
Offline
Activity: 15
Merit: 0
April 04, 2016, 07:22:48 AM
Is everyone that was hacked using GMail by any chance?
Friend got hacked on Polo, very similar story and his Gmail pass was changed.
Gmail is yet another place where 2FA is available, and should be used. I am sorry for the losses, but I do hope the situation will drive some folks to embrace 2FA, everywhere it's available, even if it's a little inconvenient.
prospecta
April 04, 2016, 07:31:49 AM
I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.
LOL wtf...I have bad OPSEC give me my money back...

After I am done with you, you will be banned from ever being on the internet again or even owning a PC
CosaNostra
April 04, 2016, 08:07:51 AM
I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.
LOL wtf...I have bad OPSEC give me my money back...
Have I asked for your opinion? I wish you each time you get into any kind of trouble in your life to have an asshole, who will appear before you and tell you "it's your fucking fault". Now you can go and fuck yourself
spartak_t
Legendary
Offline
Activity: 1960
Merit: 1176
@FAILCommunity
April 04, 2016, 08:12:36 AM
I don't think this is an inside job. From what I've understood, so far 3 people confirmed they were "hacked" and 23,5 BTC were lost. That's a lot (at least from my perspective), but it would be stupid for Bittrex to risk their reputation for such amount. Imho, Richie is right (I'm not kissing your ass!) to act somehow diplomatic and not to reveal some things (such as how many accounts were compromised). Bittrex also didn't announce it on Twitter, which is again the right way, because otherwise it may cause unnecessary panic. Guys (those who lost your coins), I can only imagine how you feel about this and I'm really, really sorry for your loss, but it seems like nothing can be done here.
CosaNostra
April 04, 2016, 08:32:29 AM
I don't think this is an inside job. From what I've understood, so far 3 people confirmed they were "hacked" and 23,5 BTC were lost. That's a lot (at least from my perspective), but it would be stupid for Bittrex to risk their reputation for such amount. Imho, Richie is right (I'm not kissing your ass!) to act somehow diplomatic and not to reveal some things (such as how many accounts were compromised). Bittrex also didn't announce it on Twitter, which is again the right way, because otherwise it may cause unnecessary panic. Guys (those who lost your coins), I can only imagine how you feel about this and I'm really, really sorry for your loss, but it seems like nothing can be done here.
Perhaps you are right that nothing can be done here, but at least we can try to identify and find that scum. Once again I propose to turn on immediate e-mail notifications for all users on each entrance to bittrex with the detailed information like time, IP address, browser info and such and perhaps even on each trade the users complete (since attacker can use compromised API keys as well). Now, even after 2FA set, I don't receive any alerts on failed attempts. IMO, if this would be done before, people wouldn't incur all these losses...
spartak_t
Legendary
Offline
Activity: 1960
Merit: 1176
@FAILCommunity
April 04, 2016, 08:39:51 AM
Perhaps you are right that nothing can be done here, but at least we can try to identify and find that scum.
I'm sure that Bittrex guys already tried (and probably continue) to figure this out, but with no luck.
hughbt
April 04, 2016, 08:57:46 AM
You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
April 04, 2016, 09:21:31 AM
You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.
So far the only common denominator has been Bittrex. It seems like a 3rd Party should be called in to investigate everyone's claims. As far as the local PCs, you guys should make a sector by sector Image backup of the whole drives, to preserve what is called the Chain of Evidence. In case this goes to court, you can contact a lawyer to verify that. Bittrex should give as detailed an account of what they believed occurred with a Timeline of the occurrences. For example: If their logs show the trading went on, when the user knows his PC was Off, we know the Local PCs were probably not compromised. But Bittrex should have detailed Logs of the IP Addresses and Times, plus what coin addresses were used. Also Direct Question for Bittrex, this was a cyber theft, what law enforcement agency will you be reporting this to, as the victims should receive this contact info so they can talk with the investigator.
CosaNostra
April 04, 2016, 10:02:26 AM
You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.
we know the Local PCs were probably not compromised.
I'm 100% sure that local pcs (at least my own) were not compromised. Now, when I set 2FA on all the exchanges I trade and changed the passwords all over, made a thorough examination of all pcs, updated antiviruses and firewalls, and bought me another big pack of condoms I can say that if my local pcs would be compromised the attacker would steal much more money from me easily
spartak_t
Legendary
Offline
Activity: 1960
Merit: 1176
@FAILCommunity
April 04, 2016, 12:59:14 PM
So far the only common denominator has been Bittrex.
It seems like a 3rd Party should be called in to investigate everyone's claims.
Why? As far as I know, nothing is pointing that the fault is on Bittrex. I believe that they continue to investigate the issue and will share the results with the people, which accounts were compromised.
leigh2k14 (OP)
Legendary
Offline
Activity: 1288
Merit: 1000
April 04, 2016, 06:29:48 PM
How's the investigation going richie?
leigh2k14 (OP)
Legendary
Offline
Activity: 1288
Merit: 1000
April 04, 2016, 06:30:37 PM
I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.
LOL wtf...I have bad OPSEC give me my money back...
You sir are first class asshole, 100% cock sucker.
spartak_t
Legendary
Offline
Activity: 1960
Merit: 1176
@FAILCommunity
April 04, 2016, 06:43:06 PM
I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.
LOL wtf...I have bad OPSEC give me my money back...
You sir are first class asshole, 100% cock sucker.
It's a woman...
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
April 04, 2016, 07:25:41 PM
So far the only common denominator has been Bittrex.
It seems like a 3rd Party should be called in to investigate everyone's claims.
Why? As far as I know, nothing is pointing that the fault is on Bittrex. I believe that they continue to investigate the issue and will share the results with the people, which accounts were compromised.
How many banks or stock exchanges would you do business with, that lost your money and did not report it to law enforcement. Because at the end of the day, the actual crime occurred on their virtual premises. Plus Not Reporting it and not doing anything about it, would make them look Guilty, not a good look from a PR standpoint. Sorry we are looking into it, will not suffice as an answer, a 3rd party needs to be brought in to investigate.
CAMOPEJB
April 04, 2016, 07:41:53 PM
All you need is 2FA and you will be safe guys what's so hard about this.
spartak_t
Legendary
Offline
Activity: 1960
Merit: 1176
@FAILCommunity
April 04, 2016, 07:50:16 PM
How many banks or stock exchanges would you do business with, that lost your money and did not report it to law enforcement. Because at the end of the day, the actual crime occurred on their virtual premises.
To me it's like losing your wallet and somehow find out that the money in it were used in one particular store. Then file a lawsuit against that store, because they took the money.
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
April 04, 2016, 10:25:40 PM Last edit: April 04, 2016, 10:38:10 PM by kiklo
All you need is 2FA and you will be safe guys what's so hard about this.
Sorry without Knowing exactly what happened, it is unknown if 2FA would make a difference in their cases. Example: How many people did 2FA protect at Cryptsy, Answer: No One. FYI: 2FA is just another layer in stopping someone from logging in, If an Exchange security is Breached, the exchange operators have direct access to your coins, and your login security does not matter at all.
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
April 04, 2016, 10:27:32 PM
How many banks or stock exchanges would you do business with, that lost your money and did not report it to law enforcement. Because at the end of the day, the actual crime occurred on their virtual premises.
To me it's like losing your wallet and somehow find out that the money in it were used in one particular store. Then file a lawsuit against that store, because they took the money.
Sorry your analogy is wrong, it is more like you handed your wallet to your friend and when they handed it back, some of the cash was missing from it. The Log information Bittrex has may be able to help determine the thief, refusing to hand that information over to Law Enforcement, means they did it or are an accomplice. And just to be clear, I am not saying that, what I am saying is a 3rd party has to check out everyone's story to find the truth and the culprits. But whoever refuses to call in that 3rd party (Law Enforcement) is hiding something.
CAMOPEJB
April 05, 2016, 12:35:59 AM
I made a small rhyme. 2fa all the way, 2fa all day. if you stray from 2fa it's sure to be a very bad day!
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
April 05, 2016, 04:42:15 AM
I made a small rhyme. 2fa all the way, 2fa all day. if you stray from 2fa it's sure to be a very bad day!
LOL, Once there was a rhyme, that 2fa could stop crime,
It was a story with no truth, conceived by a man locked in a booth.