Bitcoin Forum
June 16, 2024, 03:42:36 AM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 12 13 »  All
  Print  
Author Topic: Multiple Bittrex accounts hacked everyone enable 2fa  (Read 22259 times)
cdub
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
April 04, 2016, 07:22:48 AM
 #121

Is everyone that was hacked using GMail by any chance?

Friend got hacked on Polo, very similar story and his Gmail pass was changed.

Gmail is yet another place where 2FA is available, and should be used.
I am sorry for the losses, but I do hope the situation will drive some folks to embrace 2FA, everywhere it's available, even if it's a little inconvenient.
prospecta
Hero Member
*****
Offline Offline

Activity: 729
Merit: 500


View Profile
April 04, 2016, 07:31:49 AM
 #122

I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.

LOL wtf...I have bad OPSEC give me my money back...

After I am done with you, you will be banned from ever being on the internet again or even owning a PC
CosaNostra
Hero Member
*****
Offline Offline

Activity: 843
Merit: 1004



View Profile
April 04, 2016, 08:07:51 AM
 #123

I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.

LOL wtf...I have bad OPSEC give me my money back...

Have I asked for your opinion?

I wish you each time you get into any kind of trouble in your life to have an asshole, who will appear before you and tell you "it's your fucking fault".

Now you can go and fuck yourself Angry
 

            ▄▄████▄▄
        ▄▄██████████████▄▄
      ███████████████████████▄▄
      ▀▀█████████████████████████
██▄▄       ▀▀█████████████████████
██████▄▄        ▀█████████████████
███████████▄▄       ▀▀████████████
███████████████▄▄        ▀████████
████████████████████▄▄       ▀▀███
 ▀▀██████████████████████▄▄
     ▀▀██████████████████████▄▄
▄▄        ▀██████████████████████▄
████▄▄        ▀▀██████████████████
█████████▄▄        ▀▀█████████████
█████████████▄▄        ▀▀█████████
██████████████████▄▄        ▀▀████
▀██████████████████████▄▄
  ▀▀████████████████████████
      ▀▀█████████████████▀▀
           ▀▀███████▀▀



.SEMUX
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
  Semux uses .100% original codebase.
  Superfast with .30 seconds instant finality.
  Tested .5000 tx per block. on open network
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
spartak_t
Legendary
*
Offline Offline

Activity: 1960
Merit: 1176


@FAILCommunity


View Profile WWW
April 04, 2016, 08:12:36 AM
 #124

I don't think this is an inside job. From what I've understood, so far 3 people confirmed they were "hacked" and 23,5 BTC were lost. That's a lot (at least from my perspective), but it would be stupid for Bittrex to risk their reputation for such amount. Imho, Richie is right (I'm not kissing your ass!) to act somehow diplomatic and not to reveal some things (such as how many accounts were compromised). Bittrex also didn't announce it on Twitter, which is again the right way, because otherwise it may cause unnecessary panic.

Guys (those who lost your coins),

I can only imagine how you feel about this and I'm really, really sorry for your loss, but it seems like nothing can be done here. Sad

CosaNostra
Hero Member
*****
Offline Offline

Activity: 843
Merit: 1004



View Profile
April 04, 2016, 08:32:29 AM
 #125

I don't think this is an inside job. From what I've understood, so far 3 people confirmed they were "hacked" and 23,5 BTC were lost. That's a lot (at least from my perspective), but it would be stupid for Bittrex to risk their reputation for such amount. Imho, Richie is right (I'm not kissing your ass!) to act somehow diplomatic and not to reveal some things (such as how many accounts were compromised). Bittrex also didn't announce it on Twitter, which is again the right way, because otherwise it may cause unnecessary panic.

Guys (those who lost your coins),

I can only imagine how you feel about this and I'm really, really sorry for your loss, but it seems like nothing can be done here. Sad

Perhaps you are right that nothing can be done here, but at least we can try to identify and find that scum.

Once again I propose to turn on immediate e-mail notifications for all users on each entrance to bittrex with the detailed information like time, IP address, browser info and such and perhaps even on each trade the users complete (since attacker can use compromised API keys as well). Now, even after 2FA set, I don't receive any alerts on failed attempts  Sad

IMO, if this would be done before, people wouldn't incur all these losses...

            ▄▄████▄▄
        ▄▄██████████████▄▄
      ███████████████████████▄▄
      ▀▀█████████████████████████
██▄▄       ▀▀█████████████████████
██████▄▄        ▀█████████████████
███████████▄▄       ▀▀████████████
███████████████▄▄        ▀████████
████████████████████▄▄       ▀▀███
 ▀▀██████████████████████▄▄
     ▀▀██████████████████████▄▄
▄▄        ▀██████████████████████▄
████▄▄        ▀▀██████████████████
█████████▄▄        ▀▀█████████████
█████████████▄▄        ▀▀█████████
██████████████████▄▄        ▀▀████
▀██████████████████████▄▄
  ▀▀████████████████████████
      ▀▀█████████████████▀▀
           ▀▀███████▀▀



.SEMUX
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
  Semux uses .100% original codebase.
  Superfast with .30 seconds instant finality.
  Tested .5000 tx per block. on open network
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
spartak_t
Legendary
*
Offline Offline

Activity: 1960
Merit: 1176


@FAILCommunity


View Profile WWW
April 04, 2016, 08:39:51 AM
 #126

Perhaps you are right that nothing can be done here, but at least we can try to identify and find that scum.

I'm sure that Bittrex guys already tried (and probably continue) to figure this out, but with no luck. 

hughbt
Hero Member
*****
Offline Offline

Activity: 613
Merit: 501


View Profile
April 04, 2016, 08:57:46 AM
 #127

You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.
kiklo
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
April 04, 2016, 09:21:31 AM
 #128

You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.

So far the only common denominator has been Bittrex.

It seems like a 3rd Party should be called in to investigate everyone's claims.

As far as the local PCs, you guys should make an sector by sector Image backup of the whole drives, to preserve what is called the Chain of Evidence.
In case this goes to court, you can contact a lawyer to verify that.

Bittrex should give as detailed an account of what they believed occurred with a Timeline of the occurrences.

For example :
If their logs show the trading went on, when the user knows his PC was Off, we know the Local PCs were probably not compromised.
But Bittrex should have detailed Logs of the IP Addresses and Times, plus what coin addresses were used.

Also Direct Question for Bittrex, this was a cyber theft , what law enforcement agency will you be reporting this too, as the victim's should receive this contact info so they can talk with the investigator.

 Cool
CosaNostra
Hero Member
*****
Offline Offline

Activity: 843
Merit: 1004



View Profile
April 04, 2016, 10:02:26 AM
 #129

You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.

we know the Local PCs were probably not compromised.


I'm 100% sure that local pcs (at least my own) were not compromised.
Now, when I set 2FA on all the exchanges I trade and changed the passwords all over, made a thorough examination of all pcs, updated antiviruses and firewalls, and bought me another big pack of condoms I can say that if my local pcs would be compromised the attacker would steal much more money from me easily Lips sealed

            ▄▄████▄▄
        ▄▄██████████████▄▄
      ███████████████████████▄▄
      ▀▀█████████████████████████
██▄▄       ▀▀█████████████████████
██████▄▄        ▀█████████████████
███████████▄▄       ▀▀████████████
███████████████▄▄        ▀████████
████████████████████▄▄       ▀▀███
 ▀▀██████████████████████▄▄
     ▀▀██████████████████████▄▄
▄▄        ▀██████████████████████▄
████▄▄        ▀▀██████████████████
█████████▄▄        ▀▀█████████████
█████████████▄▄        ▀▀█████████
██████████████████▄▄        ▀▀████
▀██████████████████████▄▄
  ▀▀████████████████████████
      ▀▀█████████████████▀▀
           ▀▀███████▀▀



.SEMUX
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
  Semux uses .100% original codebase.
  Superfast with .30 seconds instant finality.
  Tested .5000 tx per block. on open network
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
spartak_t
Legendary
*
Offline Offline

Activity: 1960
Merit: 1176


@FAILCommunity


View Profile WWW
April 04, 2016, 12:59:14 PM
 #130

So far the only common denominator has been Bittrex.

It seems like a 3rd Party should be called in to investigate everyone's claims.

Why? As far as I know, nothing is pointing that the fault is on Bittrex. I believe that they continue to investigate the issue and will share the results with the people, which accounts were compromised.

leigh2k14 (OP)
Legendary
*
Offline Offline

Activity: 1288
Merit: 1000



View Profile
April 04, 2016, 06:29:48 PM
 #131

How's the investigation going richie?

























▄▄▄▄▄▄▄▄▄▄          ▄▄▄                   ▄▄▄▄▄▄▄                 ▄▄▄▄▄▄▄        ▄▄▄      ▄▄▄
████████████▄       ███                ▄███████████▄            ▄██████████      ███     ███▀
███     ▀▀███▌      ███               ████▀     ▀████         ▄███▀▀     ▀▀      ███    ███▀
███       ███▌      ███              ███▀         ▀███       ▄███                ███   ███
███     ▄███▀       ███             ▐██▌           ▐██▌     ▐███                 ███  ███
██████████▀         ███             ▐██▌           ▐██▌     ▐██▌                 ███ ███
███▀▀▀▀▀████▄       ███             ▐██▌           ▐██▌     ▐██▌                 ███  ███     ███           ███
███      ▀███▌      ███             ▐██▌           ▐██▌     ▐███                 ███   ███     ███         ███
███       ███▌      ███              ███▄         ▄███        ███                ███    ███     ███       ███
███     ▄▄███▌      ███               ████▄     ▄████         ▀███▄▄     ▄▄      ███     ███▄    ███▄   ▄███
████████████▀       ███████████        ▀███████████▀            ▀██████████      ███      ███▄    ███▄ ▄███
▀▀▀▀▀▀▀▀▀▀          ▀▀▀▀▀▀▀▀▀▀▀           ▀▀▀▀▀▀▀                  ▀▀▀▀▀▀        ▀▀▀       ▀▀▀     ███▄███
                                                                                                    ▀███▀
                                                                                                     ▀█▀



















 
Token Sale Starts on [ 12 October ]
[ PRESALE IS OPEN ] ●●●






































leigh2k14 (OP)
Legendary
*
Offline Offline

Activity: 1288
Merit: 1000



View Profile
April 04, 2016, 06:30:37 PM
 #132

I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.

LOL wtf...I have bad OPSEC give me my money back...

You sir are first class asshole, 100% cock sucker.

























▄▄▄▄▄▄▄▄▄▄          ▄▄▄                   ▄▄▄▄▄▄▄                 ▄▄▄▄▄▄▄        ▄▄▄      ▄▄▄
████████████▄       ███                ▄███████████▄            ▄██████████      ███     ███▀
███     ▀▀███▌      ███               ████▀     ▀████         ▄███▀▀     ▀▀      ███    ███▀
███       ███▌      ███              ███▀         ▀███       ▄███                ███   ███
███     ▄███▀       ███             ▐██▌           ▐██▌     ▐███                 ███  ███
██████████▀         ███             ▐██▌           ▐██▌     ▐██▌                 ███ ███
███▀▀▀▀▀████▄       ███             ▐██▌           ▐██▌     ▐██▌                 ███  ███     ███           ███
███      ▀███▌      ███             ▐██▌           ▐██▌     ▐███                 ███   ███     ███         ███
███       ███▌      ███              ███▄         ▄███        ███                ███    ███     ███       ███
███     ▄▄███▌      ███               ████▄     ▄████         ▀███▄▄     ▄▄      ███     ███▄    ███▄   ▄███
████████████▀       ███████████        ▀███████████▀            ▀██████████      ███      ███▄    ███▄ ▄███
▀▀▀▀▀▀▀▀▀▀          ▀▀▀▀▀▀▀▀▀▀▀           ▀▀▀▀▀▀▀                  ▀▀▀▀▀▀        ▀▀▀       ▀▀▀     ███▄███
                                                                                                    ▀███▀
                                                                                                     ▀█▀



















 
Token Sale Starts on [ 12 October ]
[ PRESALE IS OPEN ] ●●●






































spartak_t
Legendary
*
Offline Offline

Activity: 1960
Merit: 1176


@FAILCommunity


View Profile WWW
April 04, 2016, 06:43:06 PM
 #133

I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.

LOL wtf...I have bad OPSEC give me my money back...

You sir are first class asshole, 100% cock sucker.

It's a woman... Roll Eyes

kiklo
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
April 04, 2016, 07:25:41 PM
 #134

So far the only common denominator has been Bittrex.

It seems like a 3rd Party should be called in to investigate everyone's claims.

Why? As far as I know, nothing is pointing that the fault is on Bittrex. I believe that they continue to investigate the issue and will share the results with the people, which accounts were compromised.

How many banks or stock exchanges would you do business with , that lost your money and did not report it to law enforcement.
Because at the end of the day , the actual crime occurred on their virtual premises.

Plus Not Reporting it and not doing anything about it , would make them look Guilty, not a good look from a PR standpoint.
Sorry we are looking into it , will not suffice as a answer, a 3rd party needs to be brought in to investigate.


 Cool
CAMOPEJB
Full Member
***
Offline Offline

Activity: 132
Merit: 100



View Profile
April 04, 2016, 07:41:53 PM
 #135

All you need is 2FA and you will be safe guys what's do hard about this.
spartak_t
Legendary
*
Offline Offline

Activity: 1960
Merit: 1176


@FAILCommunity


View Profile WWW
April 04, 2016, 07:50:16 PM
 #136

How many banks or stock exchanges would you do business with , that lost your money and did not report it to law enforcement.
Because at the end of the day , the actual crime occurred on their virtual premises.


To me it's like losing your wallet and somehow find out that the money in it were used in one particular store. Then fill a lawsuit against that store, because they took the money.

kiklo
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
April 04, 2016, 10:25:40 PM
Last edit: April 04, 2016, 10:38:10 PM by kiklo
 #137

All you need is 2FA and you will be safe guys what's do hard about this.

Sorry without Knowing exactly what happened , it is unknown if 2FA would make a difference in their cases.

Example : How many people did 2FA protect at Cryptsy,
Answer: No One.

 Cool

FYI:
2FA is just another layer in stopping someone from logging in,
If an Exchange security is Breached, the exchange operators have direct access to your coins, and your login security does not matter at all.
kiklo
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
April 04, 2016, 10:27:32 PM
 #138

How many banks or stock exchanges would you do business with , that lost your money and did not report it to law enforcement.
Because at the end of the day , the actual crime occurred on their virtual premises.


To me it's like losing your wallet and somehow find out that the money in it were used in one particular store. Then fill a lawsuit against that store, because they took the money.

Sorry your analogy is wrong,

it is more like you handed your wallet to your friend and when they handed it back, some of the cash was missing from it.
The Log information Bittrex has may be able to help determine the thief, refusing to hand that information over to Law Enforcement , means they did it or are an accomplice.
And just to be clear, I am not saying that, what I am saying is a 3rd party has to check out everyone's story to find the truth and the culprits.
But whoever refuses to call in that 3rd party (Law Enforcement) is hiding something.

 Cool
CAMOPEJB
Full Member
***
Offline Offline

Activity: 132
Merit: 100



View Profile
April 05, 2016, 12:35:59 AM
 #139

I made a small rhyme.

2fa all the way, 2fa all day. if you stray from 2fa its sure to be a very bad day!

Smiley
kiklo
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
April 05, 2016, 04:42:15 AM
 #140

I made a small rhyme.

2fa all the way, 2fa all day. if you stray from 2fa its sure to be a very bad day!

Smiley

LOL,

Once there was a rhyme,
that 2fa could stop crime,

It was a story with no truth,
conceived by a man locked in a booth.
 Cheesy

 Cool
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 12 13 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!