HitBTC 2FA hoax

[Dutch Guy]

HitBTC refuses to reset my 2FA. Since Sunday 18th November I am not able to get them to remove the 2FA. My phone was reset so I can’t use the authenticator anymore. One specific helpdesk person is refusing to believe I am the owner. Even after numerous emails and sending multiple high resolution photo’s in front of a PC screen even with my Dutch passport in my hand they refuse. Legal, info, GDPR and relations don’t react. All gets tunneled to the same support idiot.
So be warned. If there are more people being held hostage please contact me. In a joint effort we can maybe press charges and claim losses. Since they are located in Hong Kong that will be difficult.

[1714026432]

1714026432

[1714026432]

1714026432

[1714026432]

1714026432

[pinkflower]

Dutch Guy, its also your responsibility to make back ups of the 2FA's QR code and the long alphanumeric string so you wont encounter this problem. You cant blame HitBTC customer support for trying to protect your account from a possible social engineering attack.

[Potato Chips]

Wait. Why? Did they say anything on why they refuse to recognize those documents? You can't just reach a dead end, they should state what is wrong so you can provide something that fixes it.

Its true that its the user's responsibility to keep their 2fa back-up code safe, but the same should apply regarding the exchange's job in case the opposite happen. Well anyway, next time use an authenticator app that lets you backup your codes, more efficient that way.

[Dutch Guy]

I used a Windows phone for the 2FA. Did see nothing about a backup possibility. Otherwise I would have put it in my KeePass vault. By the way, at Kraken I had the same problem. They fixed it in a couple of emails.

I refuse to send my social security number over email. This is not recommended by the Dutch government to prevent identity fraud.

Regulations and preventing of identity fraud as proposed by the Dutch government can be found here:
https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/identificatie/identiteitsbewijs
https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/gdpr.pdf

At HitBTC they don't give a dawn. Won't even respond to the concerns. They, or must I say Mr. Domingo Herrera keeps saying there is a black bar in the picture. He just either don't understand it or is just screwing around.

How would I know it is actually HitBTC? Could be spoofed email.

So HitBTC has basically stolen my money since there is no other solution they provide. No SMS, no snail mail, no nothing. Just an insecure email potentially exposing my full ID to the rest of the world.

 

 

[Kemarit]

I'm not surprised by the lack of support from HitBTC. If you just go around the forum, you will hear a lot of complaints against them. The only thing I think that might help you is to make some noise in their twitter account and see if they're going to respond to your complain. (https://twitter.com/hitbtc?lang=en). I guess there's no harm in trying.

[1Referee]

At HitBTC they don't give a dawn. Won't even respond to the concerns. They, or must I say Mr. Domingo Herrera keeps saying there is a black bar in the picture. He just either don't understand it or is just screwing around.

They definitely understand what's going on, they just don't care because they hope that you drop your case and thus have the funds become property of Hitbtc. They break every single law of each and every country they operate in, yet enforce their strict hillbilly policies on people with iron fist. It's a first class scum exchange.

In order to test their 'willingness' to help you out even further, did you try to remove the black bar and only blur out your social security number? It might sound like a non attempt, but you can at least try since there isn't much to lose at this point.

[Patatas]

Both are equally at fault I guess. This is really a case where only blame games will lead to nothing. It's your responsibility to back up your 2FA phase, it's mentioned when you're setting one up. I don't know how they'd believe it's the rightful owner even after verifying your identification because the hacker can just send the victims documents and get access to the accounts. All that apart, how much BTC are we talking about here?