Bitcoin Forum
November 11, 2024, 09:24:26 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Bittrex User Narrates How He Almost Lost His Funds To A Phishing Site  (Read 579 times)
zycrypto (OP)
Member
**
Offline Offline

Activity: 97
Merit: 10

ZyCrypto:Cryptocurrency Daily News /Coins Analysis


View Profile WWW
August 08, 2017, 05:46:01 PM
 #1

Continue Reading =>  https://zycrypto.com/bittrex-user-narrates-almost-lost-funds-phishing-site/

TheCoinFinder
Legendary
*
Offline Offline

Activity: 938
Merit: 1001



View Profile WWW
August 08, 2017, 06:18:19 PM
 #2

This is a stressful situation really you passed through. We have always been admonishing crypto users to be careful while signing your accounts.
The moment he identified url he was going to allow credential leakage, was a bigger success in the world of scammers

.Deviant.io.                ▄▄▄▄███▄▄▄▄
             ▄█▀▀░░░░░░░░░▀▀█▄
           ██▀░░░░░░░░░░░░░░░░██
         ▄█▀░░░░░░░░░░░░░░░░░░░▐█▄
        ▐█░░░▄████████████████▄░░
        █▌░░███▀▀▀████████▀▀▀██▌▐█
        █▌░░█████▌  ▐▄▄   ██████░▐█
        ██░░▀██████████████████░▒██
        ▄██▄▄███▀▓▓▓▓▓▓▓▀███▄░▄███▄
     ▄██▓▓▓██▓▓███▀▀▒▒▒▀▀███▓▓██▓▓▓▓██
    ▐█▓▓▓▓█▓██▀▒▒▒▒▒▒▒▒▒▒▒▌▒▀████▓█▓▓▓
    ▀███████▒▒▒▒▒▒▒▒▒▒▒█▀█▒▒▒████████▀
      ▀████▒▒▒▒▒▒▒▒▒▒▄█▀▒▒█▒██▀▒████▀
      ▐█▓█▌▒▒▒▒▒▒▒▒██▒▓▓▓▒▀▒▒▒▒▓██▓█▌
      ██▓█▌▒▒▒▒▒▒██▓████▓▒▒▒▓▓▒███▓█▌
      ▐█▓██▒▒▒▒███▀▒▒▒█▌▓▓▓██▀▒██▓█▌
       ██▒█▌▒▀▒▒▒▒▒▒▒▒█▌▓██▀▒▒▒▒█▒██
        ██▒██▒▒▒▒▒▒▒▒▒█▀▒▒▒▒▒▒██▒██
         ▀█▓▓██▄▒▒▒▒▒▒▒▒▒▒▒▄██▓▓█▀
           ▀██▒▀█████▄█████▀▓██▀
         ▄▄▓▓▓█████▄▄▓▄▄█████▓▓▄▄

























      ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
     ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▓▓▓▓▓▓▓▓▓▓▓▓     ▓▀▓▓▓▌
     ▓▓▓   ▓▓▓▓▓        ▐▓▓▌
     ▓▓▓               ▐▓▓▓▌
    ▐▓▓▓               ▓▓▓▓▌
    ▐▓▓▓▓             ▓▓▓▓▓▌
    ▐▓▓▓▓▓▄▄         ▓▓▓▓▓▓▌
    ▐▓▓▓▓         ▄▓▓▓▓▓▓▓▓▌
    ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▀▀▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▀      ▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌    ▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▌          ▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▌         ▐▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌

    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓░░▓▓▓▓░░▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓²         ` ║▓▓▓▓▓
    ░▓▓▓▓              ╢▓▓▓▓
    ░▓▓▓Γ    ▓╥  ╓▓┐    ▓▓▓▓
    ░▓▓▓     ╙`   ╙     ▓▓▓▓
    ░▓▓▓╥   ─,,  ,,─   ╓▓▓▓▓
    ░▓▓▓▓▓▓░░▓▓▓▓▓▓░░░▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ▓▓▓▓▀▀▀▓▓▓▓▓    ▀▀▀▀▓▓▓▓
    ▓▓▓▓   `▓▓▓▀        ▓▓▓▓
    ▓▓▓▓▌            ▄▓▓▓▓▓▓
    ▓▓       ,▄▄▓▓   ▐▓▓▓▓▓▓
    ▓▓▄,▄▄   ▐▓▓▓▓▓   ▀▀ '▀▓
    ▓▓▓▓▓▓▓   ▀▓▀▀▀       ▄▓
    ▓▓▓▓▓▓▓             ▓▓▓▓
    ▓▓▓▓▀       ▄▄▓▓▌   ▓▓▓▓
    ▓▓▓▓▓▄▄▄▄   ▓▓▓▓▓▄,▄▓▓▓▓
    ▓▓▓▓▓▓▓▓▓▄  ▐▓▓▓▓▓▓▓▓▓▓▓
iamTom123
Hero Member
*****
Offline Offline

Activity: 490
Merit: 501



View Profile
August 08, 2017, 06:24:59 PM
 #3

This day is an unfortunate day for me as I just discovered that my MyEtherWallet account where my ICO tokens are parked has become a victim of phising and almost all of my tokens were withdrawn to another wallet. I think there is nothing anymore I can do about.

MEW is recommending 2FA but I find the procedure beyond my comprehension. We really have to be careful on the sites we are logging at as it can be a subtle phising site that can victimize us. I really regret why I choose to transfer my Ether to MEW...
mobnepal
Legendary
*
Offline Offline

Activity: 1218
Merit: 1006


View Profile
August 08, 2017, 06:33:53 PM
 #4

I have also seen somewhere in this forum, One guy with 2fa enabled lost all of his funds from bittrex. Might be he has also entered his details in one of the bittrex phishing sites like this one. There are different sites which are just set up to stole user credentials for different exchange platforms and wallets. We users have to be careful like the guy in the story.  Wink
Emoclaw
Sr. Member
****
Offline Offline

Activity: 420
Merit: 251


View Profile
August 08, 2017, 06:46:36 PM
 #5

This day is an unfortunate day for me as I just discovered that my MyEtherWallet account where my ICO tokens are parked has become a victim of phising and almost all of my tokens were withdrawn to another wallet. I think there is nothing anymore I can do about.

MEW is recommending 2FA but I find the procedure beyond my comprehension. We really have to be careful on the sites we are logging at as it can be a subtle phising site that can victimize us. I really regret why I choose to transfer my Ether to MEW...
2FA is the simplest and most effective solution to completely prevent account theft.
The procedure is extremely straight forward, you use a smartphone app that generates temporary codes. What about it don't you comprehend?

Being unaware of 2FA is one thing, literally losing everything because you couldn't comprehend something a 12 year old can do is completely another.
The One
Legendary
*
Offline Offline

Activity: 924
Merit: 1000



View Profile
August 08, 2017, 07:29:13 PM
 #6

Just a thought. Before being allowed to withdraw any funds, why don't exchanges ask for another different password or confirmation via email?

When logging into Bittrex, bittrex send an email in case you didn't log in. That only work if one is online and watching their email account. It doesn't take long for a scammer to change the password.

..C..
.....................
........What is C?.........
..............
...........ICO            Dec 1st – Dec 30th............
       ............Open            Dec 1st- Dec 30th............
...................ANN thread      Bounty....................

MysticOne
Jr. Member
*
Offline Offline

Activity: 59
Merit: 10


View Profile
August 08, 2017, 07:33:53 PM
 #7

Just a thought. Before being allowed to withdraw any funds, why don't exchanges ask for another different password or confirmation via email?

When logging into Bittrex, bittrex send an email in case you didn't log in. That only work if one is online and watching their email account. It doesn't take long for a scammer to change the password.

This wouldn't really help that much as the hackers are using low volume coins to trade your funds away by buying high and selling low to accounts that they control.
cleavey
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
August 08, 2017, 08:45:51 PM
 #8

This day is an unfortunate day for me as I just discovered that my MyEtherWallet account where my ICO tokens are parked has become a victim of phising and almost all of my tokens were withdrawn to another wallet. I think there is nothing anymore I can do about.

MEW is recommending 2FA but I find the procedure beyond my comprehension. We really have to be careful on the sites we are logging at as it can be a subtle phising site that can victimize us. I really regret why I choose to transfer my Ether to MEW...
2FA is the simplest and most effective solution to completely prevent account theft.
The procedure is extremely straight forward, you use a smartphone app that generates temporary codes. What about it don't you comprehend?

Being unaware of 2FA is one thing, literally losing everything because you couldn't comprehend something a 12 year old can do is completely another.
Nothing is 100%. 2FA doesn't prevent a phisher logging on with your credentials, he just has to present you with a fake site, and pass along whatever details you give them in realtime. With Bittrex this is somewhat countered by having to be logged in for 2 minutes before withdrawing (so you have to put in a different 2FA code to what you logged in with, meaning that they cannot initiate a withdrawal), but it doesn't stop a smart phisher from playing the long game, hoping you don't realise you're being phished, and redirecting the funds the next time you're prompted to use 2FA (probably the next time you initiate a deposit or withdrawal yourself, or more riskily they pretend you were logged out and prompt you to login again).
dothebeats
Legendary
*
Offline Offline

Activity: 3780
Merit: 1354


View Profile
August 08, 2017, 09:00:49 PM
 #9

That's why I don't trust Google Search anymore. It's very easy for scammers to pay Google to get their site to the top irregardless of how many visitors the site is actually getting. The PageRank algorithm that Google uses is superb, at least back in the day. But now? It's crap. Right now, careful checking is really needed before you enter any information that includes your financial details and such.

Checking domain names is the first step to avoid phishing attacks, however homograph and Punycode websites are still up as of these days and can still be a way for scammers to imitate a legit site. The domain names of the legit and the scam site are similar on the search bar of your browser (particularly Chrome) but if you try to paste the domain name to your local notepad, you can see that the domain name is masked by deceptive unicode characters that appear as plain letters in browsers. Most people would be tricked by this especially those who aren't really familiar on how homograph and Punycode works in browsers.

Not so pro tip, use duckduckgo for searching.

█████████████████████████████████
████████▀▀█▀▀█▀▀█▀▀▀▀▀▀▀▀████████
████████▄▄█▄▄█▄▄██████████▀██████
█████░░█░░█░░█░░████████████▀████
██▀▀█▀▀█▀▀█▀▀█▀▀██████████████▀██
██▄▄█▄▄█▄▄█▄▄█▄▄█▄▄▄▄▄▄██████████
██░░█░░█░░███████████████████████
██▀▀█▀▀█▀▀███████████████████████
██▄▄█▄▄█▄▄███████████████████████
██░░█░░█░░███████████████████████
██▀▀█▀▀█▀▀██████████▄▄▄██████████
██▄▄█▄▄█▄▄███████████████████████
██░░█░░█░░███████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
 Crypto Marketing Agency
By AB de Royse

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
██████████████████████████████████████████████████████████████████████████████████████████████████
WIN $50 FREE RAFFLE
Community Giveaway

██████████████████████████████████████████████████████████████████████████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
████████████████████████
██
██████████████████████
██████████████████▀▀████
██████████████▀▀░░░░████
██████████▀▀░░░▄▀░░▐████
██████▀▀░░░░▄█▀░░░░█████
████▄▄░░░▄██▀░░░░░▐█████
████████░█▀░░░░░░░██████
████████▌▐░░▄░░░░▐██████
█████████░▄███▄░░███████
████████████████████████
████████████████████████
████████████████████████
dejames
Member
**
Offline Offline

Activity: 96
Merit: 10


View Profile
August 08, 2017, 09:02:53 PM
 #10


Interesting. Everyone should be wary of phishing sites. I've seen a few myself, some are phishing sites for email and social media accounts too.
deadsilent
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 500



View Profile
August 09, 2017, 02:12:24 AM
 #11

That's why you have to be more careful when logging in to your accounts. I've seen same case with the victim. But not bittrex, it's a mixing service bitmixer. Usually the original site was bitmixer.io. But instead it's bitmixer.com. That's very confusing especially to newbies. So i suggest enter the correct URL directly if you know it. Delete other search engine extensions to your browser. Sometimes they screwing with you. So better rid them.

pinkflower
Sr. Member
****
Offline Offline

Activity: 868
Merit: 259



View Profile
August 09, 2017, 06:59:28 AM
 #12

I have also seen somewhere in this forum, One guy with 2fa enabled lost all of his funds from bittrex. Might be he has also entered his details in one of the bittrex phishing sites like this one. There are different sites which are just set up to stole user credentials for different exchange platforms and wallets. We users have to be careful like the guy in the story.  Wink

I dont believe him. How do you think can a hacker can bypass 2FA unless the site itself has a bug or it has a vulnerability? Its close to impossible, if not impossible to guess 6 numbers in the right order that changes every 30 seconds.

If he was hacked and his BTC was stolen then he didnt have 2FA on.
xypos
Sr. Member
****
Offline Offline

Activity: 532
Merit: 250


View Profile
August 09, 2017, 10:23:29 AM
 #13


I think a huge part of the problem is that google is allowing these sorts of ads to pop up on their search engine when someone searches up bittrex. I remember in the past bitcoin mixers were targeted, for example bitmixer and bitblender.

Google needs to ban these types of ads, and people really need to be more careful when they type in the URL of a web address. I mean how is it even possible that the guy typed in l instead of i in the first place? They're like on completely different rows -_-

I believe that bittrex also has some responsibility in preventing fraud from happening by registering all similar URLs beforehand so that it redirects to the legit site.
hello_good_sir
Hero Member
*****
Offline Offline

Activity: 1008
Merit: 531



View Profile
August 09, 2017, 11:07:11 AM
 #14


I think a huge part of the problem is that google is allowing these sorts of ads to pop up on their search engine when someone searches up bittrex. I remember in the past bitcoin mixers were targeted, for example bitmixer and bitblender.

Google needs to ban these types of ads, and people really need to be more careful when they type in the URL of a web address. I mean how is it even possible that the guy typed in l instead of i in the first place? They're like on completely different rows -_-

I believe that bittrex also has some responsibility in preventing fraud from happening by registering all similar URLs beforehand so that it redirects to the legit site.

He did not directly mistype the letters. Rather he conducted a google search, and probably spelt the name bittrex wrong in another way. But google decided to give him a malicious phishing ad(as they always do for some reason, as you said).

This is a problem that needs to be solved for google and imo google should be liable for any damages that has been done to the victim by the phishing site. It's funny how they filter out inappropriate stuff on youtube without second thoughts but let scammers and con artists advertise their sites openly.

At least this guy had some brains and realised before it was too late. Others probably won't realize until their balance is completely gone, and then complain about it in public saying that they had enabled 2fa and their account got hacked blablabla but in reality it's just that they went on a phishing site and gave everything away voluntarily. ALWAYS, check the url, espcially when dealing with known cases such as bittrex, bitmixer(in the past anyways), etc.

pawanjain
Hero Member
*****
Offline Offline

Activity: 2856
Merit: 732


Nothing lasts forever


View Profile
August 09, 2017, 04:42:13 PM
 #15

that's what happens when we dont pay attention on what we do. The guy was fortunate enough that he found out thst he was going to be a victim of a phishing attack . We should always look out on the domains when we pass personal information on websites. Hackers are out there everywhere to look for small fishes to enter their information on their websites and grab their money from their accounts. So pay attention on the internet and secure yourself.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
ArdiPrabowo
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
August 09, 2017, 07:42:52 PM
 #16

not only bittrex
phising can attack all exchanger, not only exchanger myetherwallet same accident too about phisng attack, so is not big news
Patatas
Legendary
*
Offline Offline

Activity: 1750
Merit: 1115

Providing AI/ChatGpt Services - PM!


View Profile
August 09, 2017, 07:45:50 PM
 #17

Not giving two shits about opening a third party website for reading a simple article.You are also promoting your blog by spamming links to the article everywhere,you know it is not allowed and you'd get a warning from moderators soon.If you really want to share,just tl;dr the post here or put it in quotes.Free advertising is not allowed especially if you're spamming links.
 
alyssa85
Legendary
*
Offline Offline

Activity: 1652
Merit: 1088

CryptoTalk.Org - Get Paid for every Post!


View Profile
August 09, 2017, 08:01:44 PM
 #18

That's common way to trick users, put ads about their link on search engine. We've seen this type of scam hundred time from electrum, blockchain.info, myetherwallet, electron cash and many more (website that scammer clone with similar domain).
But 2FA, adblock or add-ons that warn/block suspicious website help a lot in this case.

Instead of using Google, bookmark the Bittrex login url, and then you'll basically always go to the right site.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.YoBit InvestBox.|.BUY X10 AND EARN 10% DAILY.🏆
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1003


View Profile
August 09, 2017, 08:38:16 PM
Last edit: August 14, 2017, 12:18:47 AM by Razick
 #19

Every day there is a new post/thread about someone losing their hard-earned coins to one of these fake phishing sites.
It is sad, really, that there are people out there who think robbing from others will improve their lives.
What ever happened to making a good, honest living?

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!