user and password in bittrex

[amirheavy666]

Dears
some one hacked my user and password in bittrex but didn't hack my email yet....can he withdraw my account without access to my email ?  my 2FA is off too.

[OmegaStarScream]

I believe sending emails for withdrawal is not optional so he shouldn't be able to withdraw. Just change your password and set 2FA since you have access to your email.

[~Bitcoin~]

can he withdraw my account without access to my email ?  my 2FA is off too.

If you haven't enabled 2FA than he can't withdraw without access to your email but make sure that you haven't used same password in your email account like in bittrex.

Also reset password of bittrex so that your account will be locked for next 24 hours and you can make other changes.

[adroitful_one]

Dears
some one hacked my user and password in bittrex but didn't hack my email yet....can he withdraw my account without access to my email ?  my 2FA is off too.

Correct me if i'm wrong, but I think he can enable withdraw with the api and withdraw. Not entirely certain though. I do know you can enable withdraw through the api, but i'm not sure if it still sends the email verification or not. Either way, I would change passwords as soon as possible!

[magneto]

Dears
some one hacked my user and password in bittrex but didn't hack my email yet....can he withdraw my account without access to my email ?  my 2FA is off too.

In this instance, change the password first so that you essentially lock him out of the account. I would not suggest getting support involved because a) they probably can't do anything and b) they may lock your account indefinitely and it's hard to get control of it back.

Bittrex uses mandatory email 2fa on withdrawals. Without access to your email, he can't withdraw. I'm not 100% sure about API but I'm sure bittrex probably thought of that as well and implemented some sort of verification offsite before one is allowed to withdraw through an API(not certain about this).

Regardless, change your password as well as any similar/same passwords on other sites. It's better to be safe than sorry in dealing with anything that has or stores a monetary value online.

[MinerHQ]

Dears
some one hacked my user and password in bittrex but didn't hack my email yet....can he withdraw my account without access to my email ?  my 2FA is off too.

Correct me if i'm wrong, but I think he can enable withdraw with the api and withdraw. Not entirely certain though. I do know you can enable withdraw through the api, but i'm not sure if it still sends the email verification or not. Either way, I would change passwords as soon as possible!

I didn't try with api but surely you will get an email to confirm your withdrawal if you're not enabled 2fa function.

The best solution immediately enables 2fa function to your account if funds are not withdrawn from the account then hacker can't access the account. use

Remember never use the same password for your online accounts and email for your safety. Before depositing your money into any online accounts better enable your 2fa.

[timerland]

Dears
some one hacked my user and password in bittrex but didn't hack my email yet....can he withdraw my account without access to my email ?  my 2FA is off too.

So what are you waiting for? Your first instinct should be changing your passwords one by one and downloading google authenticator/enabling sms/email 2FA, since you already know that your bittrex account was compromised.

You can't withdraw from bittrex without having access to your email. This is a security measure that bittrex put in. What he can do though is execute trades without your email confirmation. And he may be wasting your money that way on fees and spreads.

Always, always turn on 2fa on all sites possible, unless you're not planning on storing more than $100 on it. Any ideas on how the hack may have occurred for your account?

[amirheavy666]

I changed my password but when i login to my account in my summery some unkown ip login is in my history after changing my password yet!!

and for 2fa it must work just with one cell phone yes? but I scan my QR-code in bittrex with my second cell phone and the system show the code on second cellphone too !!

so if hacker login to my account he can active 2fa in his cell phone too!! is it correct ?!

[magneto]

I changed my password but when i login to my account in my summery some unkown ip login is in my history after changing my password yet!!

and for 2fa it must work just with one cell phone yes? but I scan my QR-code in bittrex with my second cell phone and the system show the code on second cellphone too !!

so if hacker login to my account he can active 2fa in his cell phone too!! is it correct ?!

The safest step to take would be to withdraw all funds from bittrex, and just ditch your account. You'll be able to find the level of service bittrex gives you on other exchanges anyways and since you already know that you have a hacker on your back, it's probably the safest thing to do.

Did you have 2fa enabled when the hacker logged in again? Are you sure it wasn't just you using VPN/Tor with an IP that you didn't recognise?

I don't know if you can add multiple devices as 2fa but to log in, you need code from at least one of the 2fa devices. And the hacker does not have that, so theoretically he doesn't have a chance of logging in.

Last resort, either ditch bittrex, or tell support about the situation and see what they reply with. But first, get your funds out.