I was stolen 1.2 btc at bittrex *without* notification.Needing advice!

[hero18688]

5 days ago.1.2 btc was stolen from my account at bittrex.I just noticed this yesterday.Because no withdraw notification had sent to my email.I left about 1 btc for trading at bittrex and some altcoins.The motherfucking hacker logged in my account sold all the altcoins for btc and buy Darkcoin with my btc.Then he utilize the BC-DRK market for laundering.There is no withdrawal notification to me.It's much smarter than hacking your account and withdraw all your coins.

I asked bittrex support for help,but they are helpless at all.Form what they said,even with 2FA,there is no guarantee for safety there. The safest way is to withdraw btc from bittrex!
Conversation between me and bittrex owner:
https://bittrex.zendesk.com/hc/en-us/requests/10017

Update:I just found that my cryptsy account has been robbed,too,Lost 0.12btc there.He used sbc-ltc to drain my fund
One thing for sure.I did use different password on both sides.

This is the motherfucking asshole'IP.Maybe a proxy.
129.123.7.6   LOGAN, UTAH, UNITED STATES   2014-09-24 14:18:39 EST

0.5 btc bounty for tracing back my fund.

Right now I am needing some advice:
1、Should I continue using the same account on bittrex and cryptsy.Password changed of course.
2、Finding a suitable antivirus or security apps for miners and altcoin traders.Some apps like to report mining programs or wallets as virus,trojan.

[1713309305]

1713309305

[1713309305]

1713309305

[1713309305]

1713309305

[1713309305]

1713309305

[bathrobehero]

2FA all day, every day and don't run any executables (wallets/miners/tools) without sandbox or VM.

[david1365]

Did u try turn on 2FA?

[hero18688]

Did u try turn on 2FA?

With 2FA still has risk of being stole at bittrex.Someone has reported this fact
http://highoncoins.com/cryptocurrency-trading-tips/do-not-use-two-factor-authenticatoin-with-bittrex/

https://bitcointalk.org/index.php?topic=770522.0

[bathrobehero]

Did u try turn on 2FA?

With 2FA still has risk of being stole at bittrex.Someone has reported this fact
http://highoncoins.com/cryptocurrency-trading-tips/do-not-use-two-factor-authenticatoin-with-bittrex/

https://bitcointalk.org/index.php?topic=770522.0

"Somehow, the hacker was able to get the password of my friend’s account to get access to his Bittrex account.  Then, somehow he was able to get the correct code of TFA to withdraw all the money."

I don't think there is an e-mail based 2FA at bittrex (which is useles) and getting through phone based 2FA doesn't just happen. Maybe the attacker stole your browser's already logged in session? I noticed other exchanges logging me out if my IP changes, but bittrex doesn't.

[hero18688]

I noticed other exchanges logging me out if my IP changes, but bittrex doesn't.

Yes.And bittrex allow buying and selling within the same account which is convenient for pump&dumpers but also for hackers.

[mishax1]

I wonder if some more reports will pop up after this..

[SalimNagamato]

conclusion: don't keep YOUR coins in the exchange. no one is learning from what happened in cryptorush, mintpal, mtgox... ? nothing is 100% secure
send to exchange only when you want to sell/buy.
it will also might give your coins some more value

[KidCrypto]

I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.

[Amph]

checks your rig/pc, it's infected for sure

[Jerrietg]

have you contact bittrex ask the reason , i think they can help you ,

[hero18688]

have you contact bittrex ask the reason , i think they can help you ,

Did you read my post? I already posted the link to my conversion with bittrex.They are helpless!

[bathrobehero]

I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.

There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control.

[hero18688]

checks your rig/pc, it's infected for sure

I have installed eset security long ago and keeping update.Which antivirus program are you recommending.I've tried others but they like to report wallet/miner as virus.

[KidCrypto]

I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.

There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control.

Thanks for your reply.. but I thought 2FA meant I would get an email to confirm before I can log in? So if someone knows my bittrex password they still can't access my account. They would also need my email credentials to verify the login. Does anyone know if this or something similar is this an option with bittrex?

Thank you

[bathrobehero]

I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.

There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control.

Thanks for your reply.. but I thought 2FA meant I would get an email to confirm before I can log in? So if someone knows my bittrex password they still can't access my account. They would also need my email credentials to verify the login. Does anyone know if this or something similar is this an option with bittrex?

Thank you

Welll, technically 2FA can mean email verification instead of phone verification but that's not what I meant. If your PC got compromised, chances are the attacker also has access to your e-mail account as well which means you're done and he can do whatever he want. I lost my fair share because of my own stupidity and I went through the hoops with the support of an exchange but I can't really blame them for this kind of situations. My PC got compromised with certain passwords saved among an email address without phone 2FA so really, I kind of deserved what I got and I'm just glad that I haven't lost everything. 2FA, sandbox/VM is a must.

Edit:

Technically, you could probably run Google  Auth on your desktop, but you would need to use Android emulation software.

There are tools like WinAuth which does the same thing without the need to emulate android. But do not use it on your main PC as it defeats the purpose.

[itsAj]

You have a keylogger or trojan on your computer. You must format.

[mecc]

You can use winauth on an offline laptop or netbook. You can also run it with wine.

https://code.google.com/p/winauth/
http://askubuntu.com/questions/177192/how-do-i-create-a-32-bit-wine-prefix

wine 32 prefix is something you have to do to run it in linux if that's your preferred OS

[acs267]

Haven't this happened before, but on Cryptsy I think? Some person's account got hacked and the thief actually was able to take over their computer, or something like that. Didn't touch their E-Mail to make it less suspicious. Converted all of their coins into BlackCoin I think and sold them for sats.

[fox19891989]

Did u try turn on 2FA?

With 2FA still has risk of being stole at bittrex.Someone has reported this fact
http://highoncoins.com/cryptocurrency-trading-tips/do-not-use-two-factor-authenticatoin-with-bittrex/

https://bitcointalk.org/index.php?topic=770522.0

so you turned off 2FA because of risk?