Bitcoin Forum
June 21, 2024, 10:03:03 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: My Bittrex account was hacked  (Read 3654 times)
majsta (OP)
Hero Member
*****
Offline Offline

Activity: 561
Merit: 500


kittehcoin.info


View Profile
May 10, 2017, 03:31:18 PM
 #1

Last night lot of strange things happened. In total about 168K of FTC, 17.5K VTC and bunch of other alts were stolen(destroyed) on bittrex from me. In total 11BTC worth.
All of this happened just after I applied for enhanced account verification, well maybe day after, and that is strangest thing.
Yes I didn't have 2FA, my bad but still I don't get what happened.
He didn't do any single withdraw, instead he was dumping my coins and buying them again at higher price. He was doing that for one hour, imagine that! before that he was logged in for 3 hours into my account doing nothing.
This could indicate buy - sell rotation and that in fact he was sending my coins over his bittrex account without withdrawing them then from there to send them over his account.
Final "sales" happened on ETH and REP.
Question is also this, how is possible that two persons can be logged in the same time to bittrex. Because I m always logged in, I didn't shut down my computer since last year, so keylogger or something is not an option. How is possible that someone could hack password who was unique and used only for bittrex. There is also captcha verification and he could pass it only if he had exact password, so brute force word list or something is also out of the question.
It started from:
Quote
Login Time: 05/09/2017 21:33
IP Address: 213.230.77.40
User Agent: okhttp/3.4.0
then:
Quote
Login Time: 05/09/2017 23:12
IP Address: 204.236.213.246
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Tracking down Ip address is just waste of time nowdays...
 
In total 80 buy/sale requests over various coins.
Here is how it started:




Then there is how ended:




Again what was the point of this if this wasn't something I said earlier to transfer coins to his own bittrex account. This was purely to destroy them all. Any thoughts on this matter?

LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 2912
Merit: 4100


Top Crypto Casino


View Profile
May 10, 2017, 08:45:31 PM
 #2

Hi majsta

Similar happened to me 2 days ago and I noticed it today with an email received from Bittrex. Glad i didn't have anything to steal in as I never keep any coins more than 1 day. I changed my password and emailed them. Finally I am happy to see I am not the only one. I don't type my password so i don't think a keylogger can catch anything

Login Time: 05/08/2017 22:04
IP Address: 78.176.204.102
User Agent: okhttp/3.4.0

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
majsta (OP)
Hero Member
*****
Offline Offline

Activity: 561
Merit: 500


kittehcoin.info


View Profile
May 10, 2017, 09:04:43 PM
 #3

So there are others and all of this happened last year also, several times.
Thank you for the comment.
 

Febo
Legendary
*
Offline Offline

Activity: 2730
Merit: 1288



View Profile
May 10, 2017, 09:18:20 PM
 #4

When was last time you changed password?  Did you do it after that passwords leaked?  It was few months ago.
rozee
Legendary
*
Offline Offline

Activity: 1736
Merit: 1001


View Profile
May 10, 2017, 11:11:55 PM
 #5

your bad is not use 2fa, its most important especially for your exchange site its contains with your money but why you not use 2fa authentication? maybe you are a keylogger victim, make sure to clean your pc and change the password and use 2fa authentication
kev7112001
Sr. Member
****
Offline Offline

Activity: 479
Merit: 250


View Profile
May 11, 2017, 07:08:37 PM
 #6

I took it and im holding it for ransom till i get my Vampire V500 V2+ x15 Grin
 

MCXNOW MODERATOR
LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 2912
Merit: 4100


Top Crypto Casino


View Profile
May 12, 2017, 03:14:20 PM
 #7

When was last time you changed password?  Did you do it after that passwords leaked?  It was few months ago.

In my case, honestly I never changed it before this incident. I joined Bittrex around November/December and have not hear about any leak. And don't remember receiving a newsletter from them about this subject.

your bad is not use 2fa, its most important especially for your exchange site its contains with your money but why you not use 2fa authentication? maybe you are a keylogger victim, make sure to clean your pc and change the password and use 2fa authentication

I don't know anything with 2fa, not even sure how to use it. But if it something to install and use on smartphone then better i tell you it is defintely not for me.

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
majsta (OP)
Hero Member
*****
Offline Offline

Activity: 561
Merit: 500


kittehcoin.info


View Profile
May 12, 2017, 08:32:03 PM
 #8

WinAuth can do the job without the phone. Complete setup takes no more than one minute and I just wish I have done that few years ago instead now. Well, now is late for me but let this be lesson for everyone. My questions remain and i don't think that having or not having 2FA had anything to do with the hack happened to my account.

KryptoKash
Sr. Member
****
Offline Offline

Activity: 512
Merit: 275


Bitcoin Interest.


View Profile
June 05, 2017, 05:40:44 PM
 #9

They could have stolen your cookie.

...
jancoin
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
June 09, 2017, 09:00:14 AM
 #10

Same think happened to me today...
2dogs
Legendary
*
Offline Offline

Activity: 1267
Merit: 1000


View Profile
June 10, 2017, 01:28:52 AM
 #11

So it appears these examples of the Bittrex hacked accounts did NOT use 2FA?
stomachgrowls
Hero Member
*****
Offline Offline

Activity: 2898
Merit: 776



View Profile
June 10, 2017, 03:04:30 AM
 #12

So it appears these examples of the Bittrex hacked accounts did NOT use 2FA?
This is the closest thing possible on whats happening now.Ive been reading some issues related to this and most of them doesnt have 2fa and this is might be a keylogger hacking type.The best thing now change reformat your pc to clean from viruses or malware then change pass and set 2fa to avoid this unauthorized log-in and would lose coins/money.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
Xinarae*
Sr. Member
****
Offline Offline

Activity: 1414
Merit: 326



View Profile
June 10, 2017, 03:06:07 AM
 #13

Are you have same passwords for another website before?
jaime77
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
June 10, 2017, 07:53:13 AM
 #14

Have you tried getting in touch with the site?! Any updates? You should secure your account with 2FA cause with all the hype that crypto has been receiving a lot of people are getting hacked. I get a bunch of phishing e-mails from people trying to get my paypal account, so be careful when trying to change passwords, personal info e.t.c
imagimar
Newbie
*
Offline Offline

Activity: 40
Merit: 0


View Profile
June 11, 2017, 12:04:57 PM
 #15

Setup that Bittrex send you email when you are logining into site. That way you can know when someone beside you log into it.
Trinibits
Hero Member
*****
Offline Offline

Activity: 635
Merit: 500


View Profile
June 11, 2017, 12:41:26 PM
 #16

I got hacked last night on Bittrex as well. This week I applied for enhanced account verification as well and I stupidly didn't have 2FA. They sold everything I had on there and looks like they pumped Digix Dao. Better to learn this lesson now rather than later. 2FA all the way
luca1073
Jr. Member
*
Offline Offline

Activity: 222
Merit: 4


View Profile
July 06, 2017, 02:40:43 PM
 #17

it happened to me too, a few days after having opened the account. received warning of unauthorized logins. had zero coins in there, opened just out of curiosity. maybe some inside job from employees or a malware in their system. my PC is malware free i just checked, i would stay away from bittrex, it seems really unsafe
Trinibits
Hero Member
*****
Offline Offline

Activity: 635
Merit: 500


View Profile
July 06, 2017, 06:33:10 PM
 #18

it happened to me too, a few days after having opened the account. received warning of unauthorized logins. had zero coins in there, opened just out of curiosity. maybe some inside job from employees or a malware in their system. my PC is malware free i just checked, i would stay away from bittrex, it seems really unsafe

Did you have 2FA though?
erikalui
Legendary
*
Offline Offline

Activity: 2632
Merit: 1094



View Profile WWW
July 06, 2017, 07:06:06 PM
 #19

it happened to me too, a few days after having opened the account. received warning of unauthorized logins. had zero coins in there, opened just out of curiosity. maybe some inside job from employees or a malware in their system. my PC is malware free i just checked, i would stay away from bittrex, it seems really unsafe

It can happen with all exchanges as none are safe. The moment you get an email of an unauthorized login, you need to take action and lock your account. 2FA is really helpful but they should have one via email/mobile as well. I'm scared to only trust Google authenticator as what if I don't receive the code in time. My account would be locked till I contact the support and get a response.

Zicadis
Legendary
*
Offline Offline

Activity: 1386
Merit: 1027


Dump it!!!


View Profile
July 06, 2017, 11:08:33 PM
 #20

sorry for your loss mate.
I have noticed this has actually happened to several people what is the best course of action to protect ourselves from hackers
as strong passwords are not good enough... maybe a combination of 2fa and incognito mode or maybe site is at fault with it's loopholes Roll Eyes
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!