Bitcoin Forum
Author Topic: Bittrex Account Hacked - 2FA was active  (Read 2974 times)
Hastura (OP)
August 07, 2017, 09:00:52 AM
Last edit: August 08, 2017, 07:44:18 AM by Hastura
 #1

************************************************************************************
************************************************************************************
UPDATE
Please check this post....problem "solved"
https://bitcointalk.org/index.php?topic=2070757.msg20707281#msg20707281
************************************************************************************
************************************************************************************

Hello

Just saw that this guy (https://bitcointalk.org/index.php?topic=2069938.0) has the same problem.
I also got hacked yesterday. I made a ticket 18h ago but I still got no answer from Bittrex.

Here is what happened:

I was already logged in and I was on the wallet page.
I hit the "F5" button to refresh the page and it starts loading and loading and loading...
After 2-3 mins it's still loading. So I closed the browser and tried to login again...

I enter username and password, press enter and then I get the info "security check - checking your browser before accessing bittrex - can take up to 5 minutes"
So I wait... Then I get to the next step. Enter the code for the 2FA. I enter the code and I have to wait again "security check - checking....etc"
I don't get access cus it takes too long. So I have to try 2-3 times...but no success.

I closed my browser, cleaned the cache, tried again...no success.
I closed my browser again, cleaned cache and cookies, tried again...and yes...access...I'm back in.

So I open my wallet...and there is a "Pending Withdrawal"! - Status of the Withdrawal "Authorized"!
I was like: What the ####!!!!

I hit the cancel button again and again but it was too late. Transfer had already started.
So I made a printscreen, opened a ticket and sent it to the Bittrex support. After the transaction went through, I also had the txid. I made a new printscreen and sent that also to Bittrex support.
Then I checked the logins on the Bittrex page and I saw an IP address that is not mine and made a printscreen.

Next step: IP address lookup....the IP address is from Russia (another printscreen)
And no, I don't live in Russia....

Well, as I said in the beginning...I made a ticket 18h ago...and I still got no answer :(
6Asmodeus6
August 07, 2017, 09:09:07 AM
 #2

Bittrex has so many same topics in here and also in different forums. Most people say that they enabled 2FA, so either there is a problem in Bittrex 2FA or I don't know. I'm sorry to hear that you lost your money but they have a bad support quality; it will take like 24-48 hours if you are lucky. Even if they answer you, I don't think there is anything they can do if the withdrawal is finished.

Good luck, hope you get your things back somehow.
Hastura (OP)
August 07, 2017, 09:55:50 AM
 #3

Hello 6Asmodeus6

Well, I also hope to get all or at least a part of it back.

And I think I could have a chance to get some help.
I mean, if a user on Bittrex makes a crosschain (Crosschain - A deposit of one coin to a different coins address is considered a crosschain deposit) then the money is lost.
And this is a user error. But they still help him somehow to get it back: https://support.bittrex.com/hc/en-us/articles/115000961172-Bittrex-s-Crosschain-Recovery-Policy

In my case I did nothing wrong.
My money was on their server, in one of their wallets, protected by their security system and it still got stolen.
So I expect them to help me to get my money back.

We will see...
btcney
August 07, 2017, 10:53:58 AM
 #4

This is weird... How the 'hacker' was able to gain access to your email PLUS your 2fa is pretty much baffling. Plus he was able to withdraw an amount from a foreign IP without letting off any alarms in the bittrex security system which is supposedly one of the most secure in the industry.

I've seen other complaints similar to this one and this definitely isn't an isolated case.

It could well be an insider job, however there is nothing that you can do to prove it. Bittrex will probably think that you are faking all this and trying to get extra money, so they probably won't give you the money even if you are obviously telling the truth because if they set a previous example then everyone will just fake theirs. It's quite easy, a VPN is all you need. I'm not saying that you faked it, though, just to be clear.

Are there any vulnerabilities that could have led to the demise of your account?
TTITA
August 07, 2017, 10:58:14 AM
 #5

If you got compromised thru your computer it could be possible, but at the same time your mobile, which is linked with 2FA, they have access to it too; that seems weird.
poordeveloper
August 07, 2017, 11:09:25 AM
 #6

Check your history. Probably you didn't enter your username, password and 2fa code on Bittrex site but on a site with a very similar address.

How did you get to their site? Searching Google for their name or address? Writing the website address?

Hastura (OP)
August 07, 2017, 11:13:53 AM
 #7

Hello btcney

I'm not aware of any vulnerabilities...

And the thing with the foreign IP is very strange...they should have blocked this.

I mean, this person had time to login (2FA needed), exchange my OMG to BTC (no 2FA needed) and then started a transaction/withdrawal that got authorized (2FA needed).
I could understand somehow that the hacker got my 2FA code once (don't know how, but I think it's possible)...but he got a valid code at least 2 times in a few minutes.

The 2FA is on my phone and I had it all the time with me.
Hastura (OP)
August 07, 2017, 11:21:11 AM
 #8


Quote from: TTITA
> If you got compromised thru your computer it could be possible, but at the same time your mobile, which is linked with 2FA, they have access to it too; that seems weird.

That's what I don't get. The phone was all the time with me...no idea how they got the code...at least twice.
One for the login and then another to authorize the transaction.
Hastura (OP)
August 07, 2017, 11:28:14 AM
 #9

Quote from: poordeveloper
> Check your history. Probably you didn't enter your username, password and 2fa code on Bittrex site but on a site with a very similar address.
>
> How did you get to their site? Searching Google for their name or address? Writing the website address?

Hello poordeveloper

Thanks for the info with the similar address...I will check this when I'm back home from work.

And I got on their site by typing "bittrex" in the address bar of my browser and then I got to the login page...as usual since I got that address in my browser history.
2fresh
August 07, 2017, 01:46:52 PM
 #10

This seems very fishy... :s. Keep us updated of what's happening.
Did you "lose" a lot?
Hastura (OP)
August 07, 2017, 02:04:05 PM
 #11

Quote from: 2fresh
> This seems very fishy... :s. Keep us updated of what's happening.
> Did you "lose" a lot?

Hello 2fresh

Sure, I'll keep you guys updated.
And I lost +/- 2.55 BTC
chiznitz
August 07, 2017, 02:15:52 PM
 #12

Quote from: Hastura
> Quote from: poordeveloper
> > Check your history. Probably you didn't enter your username, password and 2fa code on Bittrex site but on a site with a very similar address.
> >
> > How did you get to their site? Searching Google for their name or address? Writing the website address?
>
> Hello poordeveloper
>
> Thanks for the info with the similar address...I will check this when I'm back home from work.
>
> And I got on their site by typing "bittrex" in the address bar of my browser and then I got to the login page...as usual since I got that address in my browser history.

Hey all.  Even with 2FA you need to be careful where you enter your credentials.  Typing bittrex into the URL bar on google will lead you to phishing sites as advertisements. Here is an example of two fake sites showing up on google advertisements.



These sites have you enter your username/password and 2FA code, the hacker then logs into your account. One of these sites also makes you wait 2 minutes since there is a 2 minute withdrawal freeze after a login. The sites then tell you your login was incorrect even though the hackers have now logged in. You then enter another 6 digit code as asked by the phishing site and they use this code to withdraw your funds.

Please make sure to bookmark https://www.bittrex.com and never search for the site. 

Unfortunately, these advertisements cannot be prevented and take some time to take down with official requests.

Hastura (OP)
August 07, 2017, 02:27:27 PM
 #13


Quote from: chiznitz
> These sites have you enter your username/password and 2FA code, the hacker then logs into your account. One of these sites also makes you wait 2 minutes since there is a 2 minute withdrawal freeze after a login. The sites then tell you your login was incorrect even though the hackers have now logged in. You then enter another 6 digit code as asked by the phishing site and they use this code to withdraw your funds.
>
> Please make sure to bookmark https://www.bittrex.com and never search for the site.
>
> Unfortunately, these advertisements cannot be prevented and take some time to take down with official requests.

Hello chiznitz

Thank you for the info.
I will check my browser history when I'm at home.
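
The browser-history check that poordeveloper and chiznitz suggest above can be scripted. This is an added example, not part of any post in the thread: the function names, the distance threshold of 2 and the sample history are assumptions, and the look-alike hosts are constructed on the reserved `.example` TLD.

```python
import re
from urllib.parse import urlsplit

LEGIT = "bittrex.com"  # the real domain, as given in the thread
BRAND = "bittrex"

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def displayed(label):
    """Decode an IDN ("xn--") label to the characters an address bar may show."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # not valid punycode: compare the raw label instead
    return label

def check_host(host):
    """Return None for the real site or an unrelated host, else why it looks like a clone."""
    host = host.lower().rstrip(".")
    if host == LEGIT or host.endswith("." + LEGIT):
        return None
    for label in host.split("."):
        for token in re.split(r"[-_]", displayed(label)):
            if BRAND in token:
                return "brand name used inside a different domain"
            if edit_distance(token, BRAND) <= 2:  # assumed threshold
                return "near-miss spelling of the brand: " + token
    return None

def scan_history(urls):
    """Return (host, reason) for every visited URL whose host imitates the brand."""
    hits = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        reason = check_host(host)
        if reason:
            hits.append((host, reason))
    return hits

# Constructed sample history. The IDN host swaps "i" for a dotless "ı" (U+0131).
IDN_HOST = "xn--" + "b\u0131ttrex".encode("punycode").decode("ascii") + ".example"
HISTORY = [
    "https://www.bittrex.com/Balance",
    "https://www.google.com/search?q=bittrex",   # a search, not a clone
    "https://blttrex.example/Account/Login",
    "https://bittrex.com.secure-login.example/",
    "http://" + IDN_HOST + "/login",
    "https://bitcointalk.org/index.php?topic=2069938.0",
]

if __name__ == "__main__":
    for host, reason in scan_history(HISTORY):
        print(host, "->", reason)
```

The input is a plain list of URLs, so it works on a history export from any browser; only the host is compared, which is why the search for "bittrex" is not flagged.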
not.you
August 07, 2017, 05:00:55 PM
 #14

I can think of at least one far out but possible scenario that would explain all of the details.  If your PC was compromised and something on the PC routed your entire browser session through a proxy controlled by the thief then this should be possible.  The 2fa is time based so the exact same code is good for about 30 seconds. If they routed your browser session through their proxy and then hijacked it man-in-the-middle style and then used a script to initiate withdrawals pretty much on the spot, then the same 2fa code would very likely be valid.  That proxy could also explain why you couldn't load the page for a bit after you logged in.
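
The point not.you makes above, that a time-based code stays valid for its whole step, can be seen from the server side. This is an added example, not part of the thread and not Bittrex's implementation: it is an RFC 6238 verifier in which the `Verifier` class, the one-step drift allowance and the timestamp are assumptions, showing one code accepted for both a login and a withdrawal unless the server refuses to accept a time step twice.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret, unix_time, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server-side check.

    drift    -- neighbouring time steps also accepted (clock skew allowance)
    one_time -- refuse any time step at or before the last one already used
    """

    def __init__(self, secret, drift=1, one_time=True):
        self.secret, self.drift, self.one_time = secret, drift, one_time
        self.last_used = -1  # highest time step already consumed

    def verify(self, code, now):
        current = int(now) // STEP
        for counter in range(current - self.drift, current + self.drift + 1):
            if self.one_time and counter <= self.last_used:
                continue  # this step's code was already spent
            if hmac.compare_digest(totp(self.secret, counter * STEP), code):
                self.last_used = counter
                return True
        return False

SECRET = b"12345678901234567890"  # test secret from RFC 6238, not a real key
T0 = 1500000000                   # constructed timestamp on a step boundary

def relay(one_time):
    """Submit one code twice in its step: login at +5 s, withdrawal at +20 s."""
    code = totp(SECRET, T0)
    server = Verifier(SECRET, one_time=one_time)
    return server.verify(code, T0 + 5), server.verify(code, T0 + 20)

def accepted_at(seconds_after_issue):
    """Is a code issued at T0 still accepted this many seconds later (no one-time rule)?"""
    return Verifier(SECRET, one_time=False).verify(totp(SECRET, T0), T0 + seconds_after_issue)

if __name__ == "__main__":
    print("no one-time rule:", relay(False))
    print("one-time rule   :", relay(True))
    print("accepted after 59 s:", accepted_at(59), "after 60 s:", accepted_at(60))
```

The one-time rule only stops a single code being used twice; it does nothing when the user types a second, fresh code into a look-alike page, which is the flow chiznitz describes.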
tachypknea
August 07, 2017, 05:19:08 PM
 #15

I think I got hacked the same way (the IP address of the hacker was also from Russia). It is weird how Bittrex won't prompt an email confirmation to the user when the IP address is very off (I also live very far away from Russia).
amacar2
August 07, 2017, 05:36:24 PM
 #16

If you haven't entered your details in one of the fake Bittrex sites then this issue sounds like quite a serious one. I have also enabled 2FA a few months ago on Bittrex and am trusting them with most of my cryptos, so I am quite worried right now after reading your case. Do they really have a fault in their 2FA? I don't think 2FA can fail at any point because they are tied with Google authentication, which is based on time and a secret code provided by the site.

 
LeGaulois
August 07, 2017, 05:39:42 PM
 #17

There is something I don't get in the original post. For outgoing transfers, we get an email verification with a link to click to confirm the transaction. Without this process, it's not possible. So how would it be possible without getting access to your own email?
Bittrex usually answers support tickets in 24 hours on average, but tracking the IP is worthless because only a village idiot would use his original IP without masking it.

Hastura (OP)
August 07, 2017, 06:02:20 PM
 #18

Quote from: not.you
> I can think of at least one far out but possible scenario that would explain all of the details. If your PC was compromised and something on the PC routed your entire browser session through a proxy controlled by the thief then this should be possible. The 2fa is time based so the exact same code is good for about 30 seconds. If they routed your browser session through their proxy and then hijacked it man-in-the-middle style and then used a script to initiate withdrawals pretty much on the spot, then the same 2fa code would very likely be valid. That proxy could also explain why you couldn't load the page for a bit after you logged in.

Hello not.you

Well, this is one possibility of what could have happened, but if this is the case I have no way to find out.
Hastura (OP)
August 07, 2017, 06:18:37 PM
 #19


Quote from: tachypknea
> I think I got hacked the same way (the IP address of the hacker was also from Russia). It is weird how Bittrex won't prompt an email confirmation to the user when the IP address is very off (I also live very far away from Russia).

Hello tachypknea

I also don't understand that. I always logged in from the same country, so it's strange that they/the security system did nothing when suddenly an IP from Russia logged in.
Did you already get an answer from the support?
soothaa
August 07, 2017, 06:20:27 PM
 #20

Quote from: LeGaulois
> There is something I don't get in the original post. For outgoing transfers, we get an email verification with a link to click to confirm the transaction. Without this process, it's not possible. So how would it be possible without getting access to your own email?
> Bittrex usually answers support tickets in 24 hours on average, but tracking the IP is worthless because only a village idiot would use his original IP without masking it.

You do? Mine does not function like this at Bittrex - it does for a few other exchanges but not for Bittrex.. I should probably cruise through my settings pages and see if I can enable that. If not it should really be mandatory on the site.. kind of like a 3FA if you will.

I've been pulling my longer term holdings off of all exchanges, I get realllyyy nervous when I see a balance in an exchange over a few thousand $$$.
