Does this email come from Hitbtc.com??

[sujonali1819]

Usually, I don't check my email much unless I feel the need to. But today I've been checking my email for a while and I see some unwanted emails. Ex:

Today I get an email from the

Code:

<no-reply@hitbtc.com>

  in my spam folder. But I did not register on the hitbtc site today. Then I went to find out if such an email had come before. And then I got two more emails about hitbtc site registration from

Code:

<no-reply@hitbtc.com>

and 

Code:

<ask@hitbtc.com>

So now I want to know as I didn't try to register on the site then why I received this email from hitbtc? Or is it a hacker's phishing link?

[Potato Chips]

Checked my email and made an alt using a temp email and those addresses seems to be really from hitbtc BUT since you didn't register, do not touch them as social engineering attacks are still possible.

I noticed that hitbtc doesn't require the user to login again once the email is confirmed, you just need to agree with the terms etc... and then youre at the dashboard so one possibility I could think of is that they want it to disguise as "your account" and deposit funds on it which the scammers can access since they're the one who registered. well, it's a pretty weak method

update

Another one. Tried treating sign in as sign up-- I registered using the sign-in page. guess what? It worked, I received the "Thank you for signing up with HitBTC!
We sent a confirmation email to...." so it's also possible that someone is brute forcing accounts and since you do not have one, it equated as a "sign up"

[sujonali1819]

Checked my email and made an alt using a temp email and those addresses seems to be really from hitbtc BUT since you didn't register, do not touch them as social engineering attacks are still possible.

I noticed that hitbtc doesn't require the user to login again once the email is confirmed, you just need to agree with the terms etc... and then youre at the dashboard so one possibility I could think of is that they want it to disguise as "your account" and deposit funds on it which the scammers can access since they're the one who registered. well, it's a pretty weak method

update

Another one. Tried treating sign in as sign up-- I registered using the sign-in page. guess what? It worked, I received the "Thank you for signing up with HitBTC!
We sent a confirmation email to...." so it's also possible that someone is brute forcing accounts and since you do not have one, it equated as a "sign up"

I did not try to visit the link yet. So are you sure the mail comes from hitbtc officially? And these two email

Code:

<no-reply@hitbtc.com> <ask@hitbtc.com>

both are official?
As I know withdrawal notification comes from this mail.

Code:

<support@hitbtc.com>

 

Anyway, thanks for your constructive answer.

[LeGaulois]

I did not try to visit the link yet. So are you sure the mail comes from hitbtc officially? And these two email

It doesn't really matter so much since it's something that can be spoofed easily. I receive such emails regularly too, often from Chinese exchanges. I believe hackers with a list try to create an account and depending on the result it helps to identify an account.

The bot tries to create an account then
1) the site says "Registration successful, check out your email for bla bla bla"
2) the site says "wrong login information, bla bla bla"

If the bot sees case 2) it means you have an account, so to continue, the hackers will try to brute force the password. It's a way to clean their email lists.

[carlfebz2]

I do still had that email confirmation with Hitbtc registration wayback in 2017 (as you can see on the date)


It shows ask@hitbtc.com.So im aint sure if they already change it up to noreply@hitbtc.com but as confirmed above that one do really came from them.

[TryNinja]

I did not try to visit the link yet. So are you sure the mail comes from hitbtc officially? And these two email

Code:

<no-reply@hitbtc.com> <ask@hitbtc.com>

both are official?
As I know withdrawal notification comes from this mail.

Code:

<support@hitbtc.com>

 

Anyway, thanks for your constructive answer.

Copy the link by right-clicking and selecting "Copy URL" or by checking the email source code (but don't open it). If it leads to the real HitBTC website, then it is most likely something trying to login/register with your email.

If it leads to a fake website (e.g: hltbtc.com), then you have your answer.

In any case, since you don't have an account there, I wouldn't worry about this.

[jhenfelipe]

Since you didn't do the Sign-up process, just ignore and don't click the verification link. Idk when it started, but when I log in, the email notifications now come from
the same email ↓

Code:

no-reply@hitbtc.com

You might want to read this → Someone created an account with my email address

[Potato Chips]

I did not try to visit the link yet. So are you sure the mail comes from hitbtc officially? And these two email

Code:

<no-reply@hitbtc.com> <ask@hitbtc.com>

both are official?
As I know withdrawal notification comes from this mail.

Code:

<support@hitbtc.com>

 

Well, I wasn't 100% sure that's why I used the word "seems" but those email addresses mentioned are/were used by hitbtc

ask@hitbtc... - got my confirmation email from here
no-reply@.... - most "Successful Login from New IP" are from here
support@.... - yes, got my withdrawal verification here
and the links all redirect to hitbtc

Just do note of LeGaulois's reply which means anyone can impersonate hitbtc which I have also tried (no harm was done and can be done)



I recommend following TryNinja's advice.

[magneto]

Assume that it didn't. It seems extremely suspicious that it would come from two separate email domains when it's from the same service, and plus it ended up in spam. And if you never signed up to HitBTC, why would you even bother clicking it open?

It's likely a spoofed email address and/or a phishing attempt, imo.

But even if it was real, HitBTC is an absolutely terrible exchange to be using. I wouldn't even sign up to it if you asked me to, tbh.

[sujonali1819]

I did not try to visit the link yet. So are you sure the mail comes from hitbtc officially? And these two email

Snip~~
If the bot sees case 2) it means you have an account, so to continue, the hackers will try to brute force the password. It's a way to clean their email lists.

This is probably the reason why I received this email.

Copy the link by right-clicking and selecting "Copy URL" or by checking the email source code (but don't open it). If it leads to the real HitBTC website, then it is most likely something trying to login/register with your email.

If it leads to a fake website (e.g: hltbtc.com), then you have your answer.

In any case, since you don't have an account there, I wouldn't worry about this.

This is very informative. I will remember this and try to apply it in the future. Thanks for sharing it.


Note: I have already received the most valuable answer that I wanted to know. So no need to increase this discussion anymore. I am locking this thread to reduce spam. Thanks, all who already tried to solve my issue.