tachypknea (OP)
Newbie
 Offline
Activity: 7
Merit: 0
|
 |
August 06, 2017, 09:55:58 PM |
|
Hi everyone, My Bittrex account has 2FA authenticator active, but somehow the person was able to access my account and clear all my coins and transfer it out as BTC. They were unable to touch monero, as it was under maintenance. I was wondering if anyone can offer insight to what my best course of action would be. Bittrex won't deactivate my account upon request. Should I wipe my phone to be safe? Or my computer. The hacker transferred the BTC to this wallet: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK?offset=100&filter=6Thanks for reading. |
|
|
|
|
|
|
|
|
|
"Governments are good at cutting off the heads of a centrally
controlled
networks like Napster, but pure P2P networks like Gnutella and Tor seem
to be holding their own." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
DocSnyd3r
Member
Offline
Activity: 112
Merit: 10
|
|
August 06, 2017, 10:01:56 PM |
|
Maybe he cloned your 2FA token, was it gauth?
If he recorded a screenshot of the barcode...
You can check user activity there you find the ip addresses used.
|
3ADZdEawDgfhcHaXzZorX1aVxv7s2Ppv9e (beer BTC)
|
|
|
|
|
|
ninche
|
|
August 06, 2017, 10:23:00 PM |
|
i never activate 2fa either
|
|
|
|
|
tachypknea (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
August 06, 2017, 10:34:44 PM |
|
Sorry not sure what guath is.
But the individual somehow by passed the 2FA and somehow got ahold of my password and proceeded to changing the API key (no idea what the purpose is) and withdrew all the funds. I have the person's IP address, but I don't think I can do anything with that at this point. I am just paranoid if my computer/phones are infected.
Maybe I should disable 2FA :/
|
|
|
|
|
|
ice098
|
|
August 06, 2017, 10:45:04 PM |
|
Maybe he cloned your 2FA token, was it gauth?
If he recorded a screenshot of the barcode...
You can check user activity there you find the ip addresses used.
Oh its that possible? I already activate my 2fa lately. Im just afraid to lose it. I will remove it now based on you i hope that they will never open my account. I will put another options. |
|
|
|
bitcoinmaniac52
Sr. Member
Offline
Activity: 532
Merit: 250
Presale is live!
|
|
August 06, 2017, 10:45:54 PM |
|
It is such a shame that every single day on this forum we see multiple posts of poor individuals getting taken advantage of by hackers/thieves.
They do not have any place in our community. Sorry for your loss, my friend.
|
|
|
|
Minecache
Legendary
Offline
Activity: 2198
Merit: 1024
Vave.com - Crypto Casino
|
|
August 06, 2017, 10:49:06 PM |
|
Sorry not sure what guath is.
But the individual somehow by passed the 2FA and somehow got ahold of my password and proceeded to changing the API key (no idea what the purpose is) and withdrew all the funds. I have the person's IP address, but I don't think I can do anything with that at this point. I am just paranoid if my computer/phones are infected.
Maybe I should disable 2FA :/
Google Authenticator. |
|
|
|
|
chiznitz
|
|
August 06, 2017, 11:26:23 PM |
|
Your account is way more secure if you use 2FA. I recommend enabling it if you still do not have it enabled. The guy in the link you posted was actually sharing his account with a "friend" When visiting Bittrex please make sure to bookmark or manually type in https://www.bittrex.com Google currently returns phishing sites as advertisements for Bittrex. These sites look just like ours and have been tricking users into entering their credentials and multiple 2FA codes which are good for 2minutes. Typically they have the user enter their code and then tell them logins are congested and to please wait, at which point the user again enters their code. This means the attacker has entered their account on the first try and then now has a 2FA code to withdrawal for 2 minutes. Below is an example google search.  |
|
|
|
tachypknea (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
August 07, 2017, 12:03:35 AM |
|
Your account is way more secure if you use 2FA. I recommend enabling it if you still do not have it enabled. The guy in the link you posted was actually sharing his account with a "friend" When visiting Bittrex please make sure to bookmark or manually type in https://www.bittrex.com Google currently returns phishing sites as advertisements for Bittrex. These sites look just like ours and have been tricking users into entering their credentials and multiple 2FA codes which are good for 2minutes. Typically they have the user enter their code and then tell them logins are congested and to please wait, at which point the user again enters their code. This means the attacker has entered their account on the first try and then now has a 2FA code to withdrawal for 2 minutes. Below is an example google search. https://i.imgur.com/TfYlY6g.pngI could have possibly made that costly wrong click. Thank you so much, what a relief, being phished is better than having a virus stealing all my information |
|
|
|
|
tachypknea (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
August 07, 2017, 12:10:45 AM |
|
It is such a shame that every single day on this forum we see multiple posts of poor individuals getting taken advantage of by hackers/thieves.
They do not have any place in our community. Sorry for your loss, my friend.
Thank you for your kind words, makes me feel a lot better  |
|
|
|
|
|
pinkflower
|
|
August 07, 2017, 05:02:50 AM |
|
What did Bittrex say? Its impossible to bypass 2FA and users of any exchange are safer if they have it enabled. So dont ever disable it.
tachypknea, contact Bittrex and post screenshots of the conversations. Also post screenshots of your Bittrex account transactions as proof. You can paint on the amounts for privacy.
You are raising a serious concern about Bittrex's security. We as a community should start getting to the bottom of this. Its either you are lying or Bittrex is not secure.
|
|
|
|
|
|
sotoshihero
|
|
August 07, 2017, 05:11:54 AM |
|
What did Bittrex say? Its impossible to bypass 2FA and users of any exchange are safer if they have it enabled. So dont ever disable it.
tachypknea, contact Bittrex and post screenshots of the conversations. Also post screenshots of your Bittrex account transactions as proof. You can paint on the amounts for privacy.
You are raising a serious concern about Bittrex's security. We as a community should start getting to the bottom of this. Its either you are lying or Bittrex is not secure.
This is the best way to handle this is to contact the Bittrex support immediately. If thyis happens to you, it is possible to happen to anyone of us. Be sure to always keep your account/ password safe. For me, I did not activate my 2FA. I hope this is properly addressed and any breach discovered will be patch soon. |
|
|
|
|
tachypknea (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
August 07, 2017, 07:10:08 AM
Last edit: August 07, 2017, 10:29:34 AM by tachypknea |
|
What did Bittrex say? Its impossible to bypass 2FA and users of any exchange are safer if they have it enabled. So dont ever disable it.
tachypknea, contact Bittrex and post screenshots of the conversations. Also post screenshots of your Bittrex account transactions as proof. You can paint on the amounts for privacy.
You are raising a serious concern about Bittrex's security. We as a community should start getting to the bottom of this. Its either you are lying or Bittrex is not secure.
The link below contains the transactions I cut and pasted from my profile, and the response I got from Bittrex. I never disabled 2FA, and the API key got changed at around the same time stamp, I am not sure if that is significant or not. (I still very new to crypto-currency as I have just started). I am not sure what Bittrex can do for me at this point, as they haven't replied to my request for an investigation. Removed link |
|
|
|
|
|
carlfebz2
|
|
August 07, 2017, 07:36:54 AM |
|
Your account is way more secure if you use 2FA. I recommend enabling it if you still do not have it enabled. The guy in the link you posted was actually sharing his account with a "friend" When visiting Bittrex please make sure to bookmark or manually type in https://www.bittrex.com Google currently returns phishing sites as advertisements for Bittrex. These sites look just like ours and have been tricking users into entering their credentials and multiple 2FA codes which are good for 2minutes. Typically they have the user enter their code and then tell them logins are congested and to please wait, at which point the user again enters their code. This means the attacker has entered their account on the first try and then now has a 2FA code to withdrawal for 2 minutes. Below is an example google search. I could have possibly made that costly wrong click. Thank you so much, what a relief, being phished is better than having a virus stealing all my information You did probably made this mistake brother on which you have been victimized by phishing and that picture above do really illustrate on where you should go. Most of the things we do search on google do have its own replica or phishing sites (Just my observations) that's why we should really be careful on making log-ins because we will surely compromise our money. Sorry for your loss, the best thing to do is change password all you had,never deactivate 2fa. |
|
|
|
|
|
|
pinkflower
|
|
August 08, 2017, 05:27:53 AM |
|
What did Bittrex say? Its impossible to bypass 2FA and users of any exchange are safer if they have it enabled. So dont ever disable it.
tachypknea, contact Bittrex and post screenshots of the conversations. Also post screenshots of your Bittrex account transactions as proof. You can paint on the amounts for privacy.
You are raising a serious concern about Bittrex's security. We as a community should start getting to the bottom of this. Its either you are lying or Bittrex is not secure.
The link below contains the transactions I cut and pasted from my profile, and the response I got from Bittrex. I never disabled 2FA, and the API key got changed at around the same time stamp, I am not sure if that is significant or not. (I still very new to crypto-currency as I have just started). I am not sure what Bittrex can do for me at this point, as they haven't replied to my request for an investigation. Removed link Where is the link? Please send it to me in my private messages and I will check it out. I am very skeptical with all of your claims because 2 factor authentication is very secure and there is no other way around it. What kind of device do you use for 2FA? Until you prove that your Bittrex account was really hacked all you are saying is FUD. |
|
|
|
|
Pursuer
Legendary
Offline
Activity: 1638
Merit: 1163
Where is my ring of blades...
|
|
August 08, 2017, 08:15:19 AM |
|
first of all that article is very old (3+ years) and secondly it is not even well written. and there are a lot of these articles and topics all over the forums. and in the end people make mistake themselves such as leaking their 2FA key or their password or even I saw leaking their API keys and then blame the services. I strongly recommend enabling your 2FA, you are ignoring a very strong layer of protection. and learn how to protect your account properly instead of reading BS articles on random sites. |
Only Bitcoin
|
|
|
CloudbaseJ
Newbie
Offline
Activity: 36
Merit: 0
|
|
September 25, 2017, 04:19:51 PM |
|
This shit is real! A good mate of mine just lost 5BTC even though he had f2a activated. He was logged in to bittrex on another computer and saw the hackers sell his coins for BTC, he managed to cancel the withdrawals 5 times whilst he was simultaneously getting his wallet address ready to withdraw the funds himself.
The hackers then sold the BTC to ETH and when he tried to cancel this withdrawal he got a message saying that he was unable to cancel the request.
A ticket has been opened to Bittrex for what that's worth.
Be careful guys.
|
|
|
|
|
Chol_gol
Member
Offline
Activity: 136
Merit: 10
|
|
December 02, 2017, 07:56:59 AM |
|
I have launched a telegram group. I want all those whose account has been disabled to join to this group. and if we needed to file a lawsuit against them we can do it collectively for better results. everybody is welcome here is group: https://t.me/joinchat/BjmOlA2Ir-_l5XhBATHoTg |
|
|
|
|
|
