My Bittrex account was hacked

[majsta]

Last night lot of strange things happened. In total about 168K of FTC, 17.5K VTC and bunch of other alts were stolen(destroyed) on bittrex from me. In total 11BTC worth.
All of this happened just after I applied for enhanced account verification, well maybe day after, and that is strangest thing.
Yes I didn't have 2FA, my bad but still I don't get what happened.
He didn't do any single withdraw, instead he was dumping my coins and buying them again at higher price. He was doing that for one hour, imagine that! before that he was logged in for 3 hours into my account doing nothing.
This could indicate buy - sell rotation and that in fact he was sending my coins over his bittrex account without withdrawing them then from there to send them over his account.
Final "sales" happened on ETH and REP.
Question is also this, how is possible that two persons can be logged in the same time to bittrex. Because I m always logged in, I didn't shut down my computer since last year, so keylogger or something is not an option. How is possible that someone could hack password who was unique and used only for bittrex. There is also captcha verification and he could pass it only if he had exact password, so brute force word list or something is also out of the question.
It started from:

Login Time: 05/09/2017 21:33
IP Address: 213.230.77.40
User Agent: okhttp/3.4.0

then:

Login Time: 05/09/2017 23:12
IP Address: 204.236.213.246
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Tracking down Ip address is just waste of time nowdays...
 
In total 80 buy/sale requests over various coins.
Here is how it started:




Then there is how ended:




Again what was the point of this if this wasn't something I said earlier to transfer coins to his own bittrex account. This was purely to destroy them all. Any thoughts on this matter?

[LeGaulois]

Hi majsta

Similar happened to me 2 days ago and I noticed it today with an email received from Bittrex. Glad i didn't have anything to steal in as I never keep any coins more than 1 day. I changed my password and emailed them. Finally I am happy to see I am not the only one. I don't type my password so i don't think a keylogger can catch anything

Login Time: 05/08/2017 22:04
IP Address: 78.176.204.102
User Agent: okhttp/3.4.0

[majsta]

So there are others and all of this happened last year also, several times.
Thank you for the comment.
 

[Febo]

When was last time you changed password?  Did you do it after that passwords leaked?  It was few months ago.

[rozee]

your bad is not use 2fa, its most important especially for your exchange site its contains with your money but why you not use 2fa authentication? maybe you are a keylogger victim, make sure to clean your pc and change the password and use 2fa authentication

[kev7112001]

I took it and im holding it for ransom till i get my Vampire V500 V2+ x15
 

[LeGaulois]

When was last time you changed password?  Did you do it after that passwords leaked?  It was few months ago.

In my case, honestly I never changed it before this incident. I joined Bittrex around November/December and have not hear about any leak. And don't remember receiving a newsletter from them about this subject.

your bad is not use 2fa, its most important especially for your exchange site its contains with your money but why you not use 2fa authentication? maybe you are a keylogger victim, make sure to clean your pc and change the password and use 2fa authentication

I don't know anything with 2fa, not even sure how to use it. But if it something to install and use on smartphone then better i tell you it is defintely not for me.

[majsta]

WinAuth can do the job without the phone. Complete setup takes no more than one minute and I just wish I have done that few years ago instead now. Well, now is late for me but let this be lesson for everyone. My questions remain and i don't think that having or not having 2FA had anything to do with the hack happened to my account.

[KryptoKash]

They could have stolen your cookie.

[jancoin]

Same think happened to me today...

[2dogs]

So it appears these examples of the Bittrex hacked accounts did NOT use 2FA?

[stomachgrowls]

So it appears these examples of the Bittrex hacked accounts did NOT use 2FA?

This is the closest thing possible on whats happening now.Ive been reading some issues related to this and most of them doesnt have 2fa and this is might be a keylogger hacking type.The best thing now change reformat your pc to clean from viruses or malware then change pass and set 2fa to avoid this unauthorized log-in and would lose coins/money.

[Xinarae*]

Are you have same passwords for another website before?

[jaime77]

Have you tried getting in touch with the site?! Any updates? You should secure your account with 2FA cause with all the hype that crypto has been receiving a lot of people are getting hacked. I get a bunch of phishing e-mails from people trying to get my paypal account, so be careful when trying to change passwords, personal info e.t.c

[imagimar]

Setup that Bittrex send you email when you are logining into site. That way you can know when someone beside you log into it.

[Trinibits]

I got hacked last night on Bittrex as well. This week I applied for enhanced account verification as well and I stupidly didn't have 2FA. They sold everything I had on there and looks like they pumped Digix Dao. Better to learn this lesson now rather than later. 2FA all the way

[luca1073]

it happened to me too, a few days after having opened the account. received warning of unauthorized logins. had zero coins in there, opened just out of curiosity. maybe some inside job from employees or a malware in their system. my PC is malware free i just checked, i would stay away from bittrex, it seems really unsafe

[Trinibits]

it happened to me too, a few days after having opened the account. received warning of unauthorized logins. had zero coins in there, opened just out of curiosity. maybe some inside job from employees or a malware in their system. my PC is malware free i just checked, i would stay away from bittrex, it seems really unsafe

Did you have 2FA though?

[erikalui]

it happened to me too, a few days after having opened the account. received warning of unauthorized logins. had zero coins in there, opened just out of curiosity. maybe some inside job from employees or a malware in their system. my PC is malware free i just checked, i would stay away from bittrex, it seems really unsafe

It can happen with all exchanges as none are safe. The moment you get an email of an unauthorized login, you need to take action and lock your account. 2FA is really helpful but they should have one via email/mobile as well. I'm scared to only trust Google authenticator as what if I don't receive the code in time. My account would be locked till I contact the support and get a response.

[Zicadis]

sorry for your loss mate.
I have noticed this has actually happened to several people what is the best course of action to protect ourselves from hackers
as strong passwords are not good enough... maybe a combination of 2fa and incognito mode or maybe site is at fault with it's loopholes