Bitcoin Forum
December 16, 2017, 11:36:14 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: I was stolen 1.2 btc at bittrex *without* notification.Needing advice!  (Read 9361 times)
hero18688
Sr. Member
****
Offline Offline

Activity: 392


View Profile
October 01, 2014, 11:24:51 AM
 #1

5 days ago.1.2 btc was stolen from my account at bittrex.I just noticed this yesterday.Because no withdraw notification had sent to my email.I left about 1 btc for trading at bittrex and some altcoins.The motherfucking hacker logged in my account sold all the altcoins for btc and buy Darkcoin with my btc.Then he utilize the BC-DRK market for laundering.There is no withdrawal notification to me.It's much smarter than hacking your account and withdraw all your coins.

I asked bittrex support for help,but they are helpless at all.Form what they said,even with 2FA,there is no guarantee for safety there. The safest way is to withdraw btc from bittrex!
Conversation between me and bittrex owner:
https://bittrex.zendesk.com/hc/en-us/requests/10017

Update:I just found that my cryptsy account has been robbed,too,Lost 0.12btc there.He used sbc-ltc to drain my fund Angry
One thing for sure.I did use different password on both sides.

This is the motherfucking asshole'IP.Maybe a proxy.
129.123.7.6   LOGAN, UTAH, UNITED STATES   2014-09-24 14:18:39 EST

0.5 btc bounty for tracing back my fund.

Right now I am needing some advice:
1、Should I continue using the same account on bittrex and cryptsy.Password changed of course.
2、Finding a suitable antivirus or security apps for miners and altcoin traders.Some apps like to report mining programs or wallets as virus,trojan.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
bathrobehero
Legendary
*
Offline Offline

Activity: 1372


ICO? Not even once.


View Profile
October 01, 2014, 11:26:55 AM
 #2

2FA all day, every day and don't run any executables (wallets/miners/tools) without sandbox or VM.

RIP Bittrex
david1365
Hero Member
*****
Offline Offline

Activity: 826



View Profile
October 01, 2014, 11:28:56 AM
 #3

Did u try turn on 2FA?
hero18688
Sr. Member
****
Offline Offline

Activity: 392


View Profile
October 01, 2014, 11:30:55 AM
 #4

Did u try turn on 2FA?
With 2FA still has risk of being stole at bittrex.Someone has reported this fact
http://highoncoins.com/cryptocurrency-trading-tips/do-not-use-two-factor-authenticatoin-with-bittrex/

https://bitcointalk.org/index.php?topic=770522.0

bathrobehero
Legendary
*
Offline Offline

Activity: 1372


ICO? Not even once.


View Profile
October 01, 2014, 11:50:39 AM
 #5


"Somehow, the hacker was able to get the password of my friend’s account to get access to his Bittrex account.  Then, somehow he was able to get the correct code of TFA to withdraw all the money."

I don't think there is an e-mail based 2FA at bittrex (which is useles) and getting through phone based 2FA doesn't just happen. Maybe the attacker stole your browser's already logged in session? I noticed other exchanges logging me out if my IP changes, but bittrex doesn't.

RIP Bittrex
hero18688
Sr. Member
****
Offline Offline

Activity: 392


View Profile
October 01, 2014, 12:05:26 PM
 #6

I noticed other exchanges logging me out if my IP changes, but bittrex doesn't.
Yes.And bittrex allow buying and selling within the same account which is convenient for pump&dumpers but also for hackers.

mishax1
Legendary
*
Offline Offline

Activity: 1582

keybase.io/mishax1


View Profile
October 01, 2014, 01:08:53 PM
 #7


I wonder if some more reports will pop up after this..
SalimNagamato
Legendary
*
Offline Offline

Activity: 924



View Profile
October 01, 2014, 01:11:39 PM
 #8

conclusion: don't keep YOUR coins in the exchange. no one is learning from what happened in cryptorush, mintpal, mtgox... ? nothing is 100% secure
send to exchange only when you want to sell/buy.
it will also might give your coins some more value

not hashing, folding and curing (check FLDC merged-folding! reuse good GPUs)
KidCrypto
Sr. Member
****
Offline Offline

Activity: 294


View Profile
October 01, 2014, 03:43:31 PM
 #9

I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.
Amph
Legendary
*
Offline Offline

Activity: 1722


Zabercoin – An Asset Backed Cryptocurrency


View Profile
October 01, 2014, 03:46:00 PM
 #10

checks your rig/pc, it's infected for sure

THE FUTURE OF
REAL ESTATE
..

║║
║║
║║
▬▬ ● ● ▬▬▬▬▬▬▬ ● ● ▬▬▬▬▬▬▬ ● ● ▬▬▬▬▬▬ ● ● ▬▬

║║
║║
║║
Jerrietg
Sr. Member
****
Offline Offline

Activity: 350


View Profile
October 01, 2014, 03:59:52 PM
 #11

have you contact bittrex ask the reason , i think they can help you ,
hero18688
Sr. Member
****
Offline Offline

Activity: 392


View Profile
October 01, 2014, 04:12:28 PM
 #12

have you contact bittrex ask the reason , i think they can help you ,
Did you read my post? I already posted the link to my conversion with bittrex.They are helpless!

bathrobehero
Legendary
*
Offline Offline

Activity: 1372


ICO? Not even once.


View Profile
October 01, 2014, 04:12:40 PM
 #13

I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.

There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control.


RIP Bittrex
hero18688
Sr. Member
****
Offline Offline

Activity: 392


View Profile
October 01, 2014, 04:15:37 PM
 #14

checks your rig/pc, it's infected for sure
I have installed eset security long ago and keeping update.Which antivirus program are you recommending.I've tried others but they like to report wallet/miner as virus.

KidCrypto
Sr. Member
****
Offline Offline

Activity: 294


View Profile
October 01, 2014, 04:17:20 PM
 #15

I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.

There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control.

Thanks for your reply.. but I thought 2FA meant I would get an email to confirm before I can log in? So if someone knows my bittrex password they still can't access my account. They would also need my email credentials to verify the login. Does anyone know if this or something similar is this an option with bittrex?

Thank you
bathrobehero
Legendary
*
Offline Offline

Activity: 1372


ICO? Not even once.


View Profile
October 01, 2014, 04:24:45 PM
 #16

I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.

There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control.

Thanks for your reply.. but I thought 2FA meant I would get an email to confirm before I can log in? So if someone knows my bittrex password they still can't access my account. They would also need my email credentials to verify the login. Does anyone know if this or something similar is this an option with bittrex?

Thank you

Welll, technically 2FA can mean email verification instead of phone verification but that's not what I meant. If your PC got compromised, chances are the attacker also has access to your e-mail account as well which means you're done and he can do whatever he want. I lost my fair share because of my own stupidity and I went through the hoops with the support of an exchange but I can't really blame them for this kind of situations. My PC got compromised with certain passwords saved among an email address without phone 2FA so really, I kind of deserved what I got and I'm just glad that I haven't lost everything. 2FA, sandbox/VM is a must.

Edit:
Technically, you could probably run Google  Auth on your desktop, but you would need to use Android emulation software.

There are tools like WinAuth which does the same thing without the need to emulate android. But do not use it on your main PC as it defeats the purpose.

RIP Bittrex
itsAj
Hero Member
*****
Offline Offline

Activity: 588



View Profile
October 01, 2014, 04:26:57 PM
 #17

You have a keylogger or trojan on your computer. You must format.
mecc
Jr. Member
*
Offline Offline

Activity: 34


View Profile
October 01, 2014, 04:52:15 PM
 #18

You can use winauth on an offline laptop or netbook. You can also run it with wine.

https://code.google.com/p/winauth/
http://askubuntu.com/questions/177192/how-do-i-create-a-32-bit-wine-prefix

wine 32 prefix is something you have to do to run it in linux if that's your preferred OS
acs267
Hero Member
*****
Offline Offline

Activity: 616



View Profile
October 01, 2014, 04:54:35 PM
 #19

Haven't this happened before, but on Cryptsy I think? Some person's account got hacked and the thief actually was able to take over their computer, or something like that. Didn't touch their E-Mail to make it less suspicious. Converted all of their coins into BlackCoin I think and sold them for sats.
fox19891989
Hero Member
*****
Offline Offline

Activity: 840



View Profile
October 02, 2014, 01:53:18 AM
 #20


so you turned off 2FA because of risk?
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!