I think I was hacked on Bitfinex - what to do?

[oddity]

I just had a very alarming series of events happen and would appreciate any advice as to my best course of action.

This is what went down:

1. I logged into my Bitfinex account for the first time in a couple of months.

2. Upon logging in I was asked for my google authenticator one-time key. I had not yet set up OTP on this account and so this was confusing.

3. While sitting there trying to think what to do I recieved an email from Bitfinex with an authorisation link to setup OTP. I clicked that link.

4. This took me to the security settings page. This page said that OTP was enabled. I couldn't disable it without an OTP code.

5. At this time I started receiving emails saying that BTC were being withdrawn from my account. I didn't authorise any trades or withdraws so I am not sure why this was happening.

6. I logged out of the account.


Does anyone know what could be happening here?
I've emailed BitFinex support to ask what happened. Is there anything else I can do? Is there a phone number or other contact? What else should I do??

[1713985384]

1713985384

[HairyMaclairy]

Google "hong kong company search", find a search provider and do a search for Bitfinex.  You should be able to find phone numbers or at least registered addresses that way.

[flower1024]

or you just use their support page: https://www.bitfinex.com/pages/support

you may get your account back, but i am not sure about the coins

[Elwar]

Did you login to bitfinex.com from your address bar or did you click on an e-mail from Bitfinex and login with your username and password?

[oddity]

I logged in from the address bar but I now cant log in again because it is asking for an OTP code which I never set...

This also means I cannot start a ticket from within the Bitfinex website. From my point of view, it seems that the website has been compromised and that this is something that should be escalated quickly. I received multiple email notifications saying that BTC had been withdrawn from my account but I did not make any transactions at all so I am quite worried.

I emailed support 6+ hours ago and have had no response. I've tried messaging bitfinex people on this and other forums. I did a company search as suggested by HairyMaclairy but could not find a phone number. Anything else I can try?

[anddam]

From what you wrote it sounds very much like your account got hacked (possibly by accessing your email box) and the hacker himself enabled the OTP.

Now it's been a few days since you opened the thread, can you provide us an update?

[Rannasha]

Someone obtained your login-details. Either through malware on your computer (a keylogger) or from another website where you used the same credentials.

The attacker then added 2-factor-authentication to keep you out of your account.

Your first order of business is to assume your machine has been compromised and make sure that any Bitcoins are moved to a safe wallet. You can contact Bitfinex (check the official thread for usernames of Bitfinex-operators), but honestly I don't know how much they can do about the situation other than refunding you out of their own pocket.

[alfabitcoin]

Hacker could get your email login and with your email in control used reset password to gain an access. Then setup otp himself.
Never use weak passwords on your email, try to find email service what offer otp and enable it in all internet services.

[PirateHatForTea]

This sounds like it could have been a phishing attack in fact - are you sure thast the address bar showed the right url?