hero18688 (OP)
|
|
October 01, 2014, 11:24:51 AM Last edit: October 02, 2014, 06:45:53 AM by hero18688 |
|
5 days ago.1.2 btc was stolen from my account at bittrex.I just noticed this yesterday.Because no withdraw notification had sent to my email.I left about 1 btc for trading at bittrex and some altcoins.The motherfucking hacker logged in my account sold all the altcoins for btc and buy Darkcoin with my btc.Then he utilize the BC-DRK market for laundering.There is no withdrawal notification to me.It's much smarter than hacking your account and withdraw all your coins. I asked bittrex support for help,but they are helpless at all.Form what they said,even with 2FA,there is no guarantee for safety there. The safest way is to withdraw btc from bittrex! Conversation between me and bittrex owner: https://bittrex.zendesk.com/hc/en-us/requests/10017Update:I just found that my cryptsy account has been robbed,too,Lost 0.12btc there.He used sbc-ltc to drain my fund One thing for sure.I did use different password on both sides.This is the motherfucking asshole'IP.Maybe a proxy. 129.123.7.6 LOGAN, UTAH, UNITED STATES 2014-09-24 14:18:39 EST 0.5 btc bounty for tracing back my fund.Right now I am needing some advice: 1、Should I continue using the same account on bittrex and cryptsy.Password changed of course. 2、Finding a suitable antivirus or security apps for miners and altcoin traders.Some apps like to report mining programs or wallets as virus,trojan.
|
|
|
|
bathrobehero
Legendary
Offline
Activity: 2002
Merit: 1051
ICO? Not even once.
|
|
October 01, 2014, 11:26:55 AM |
|
2FA all day, every day and don't run any executables (wallets/miners/tools) without sandbox or VM.
|
Not your keys, not your coins!
|
|
|
david1365
Legendary
Offline
Activity: 994
Merit: 1000
|
|
October 01, 2014, 11:28:56 AM |
|
Did u try turn on 2FA?
|
|
|
|
|
bathrobehero
Legendary
Offline
Activity: 2002
Merit: 1051
ICO? Not even once.
|
|
October 01, 2014, 11:50:39 AM |
|
"Somehow, the hacker was able to get the password of my friend’s account to get access to his Bittrex account. Then, somehow he was able to get the correct code of TFA to withdraw all the money." I don't think there is an e-mail based 2FA at bittrex (which is useles) and getting through phone based 2FA doesn't just happen. Maybe the attacker stole your browser's already logged in session? I noticed other exchanges logging me out if my IP changes, but bittrex doesn't.
|
Not your keys, not your coins!
|
|
|
hero18688 (OP)
|
|
October 01, 2014, 12:05:26 PM |
|
I noticed other exchanges logging me out if my IP changes, but bittrex doesn't.
Yes.And bittrex allow buying and selling within the same account which is convenient for pump&dumpers but also for hackers.
|
|
|
|
mishax1
Legendary
Offline
Activity: 2898
Merit: 1017
|
|
October 01, 2014, 01:08:53 PM Last edit: October 01, 2014, 01:58:54 PM by mishax1 |
|
I wonder if some more reports will pop up after this..
|
|
|
|
SalimNagamato
Legendary
Offline
Activity: 924
Merit: 1000
|
|
October 01, 2014, 01:11:39 PM |
|
conclusion: don't keep YOUR coins in the exchange. no one is learning from what happened in cryptorush, mintpal, mtgox... ? nothing is 100% secure send to exchange only when you want to sell/buy. it will also might give your coins some more value
|
not hashing, folding and curing (check FLDC merged-folding! reuse good GPUs)
|
|
|
KidCrypto
|
|
October 01, 2014, 03:43:31 PM |
|
I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.
|
|
|
|
Amph
Legendary
Offline
Activity: 3248
Merit: 1070
|
|
October 01, 2014, 03:46:00 PM |
|
checks your rig/pc, it's infected for sure
|
|
|
|
Jerrietg
|
|
October 01, 2014, 03:59:52 PM |
|
have you contact bittrex ask the reason , i think they can help you ,
|
|
|
|
hero18688 (OP)
|
|
October 01, 2014, 04:12:28 PM |
|
have you contact bittrex ask the reason , i think they can help you ,
Did you read my post? I already posted the link to my conversion with bittrex.They are helpless!
|
|
|
|
bathrobehero
Legendary
Offline
Activity: 2002
Merit: 1051
ICO? Not even once.
|
|
October 01, 2014, 04:12:40 PM Last edit: October 01, 2014, 04:22:48 PM by bathrobehero |
|
I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.
There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control.
|
Not your keys, not your coins!
|
|
|
hero18688 (OP)
|
|
October 01, 2014, 04:15:37 PM |
|
checks your rig/pc, it's infected for sure
I have installed eset security long ago and keeping update.Which antivirus program are you recommending.I've tried others but they like to report wallet/miner as virus.
|
|
|
|
KidCrypto
|
|
October 01, 2014, 04:17:20 PM |
|
I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.
There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control. Thanks for your reply.. but I thought 2FA meant I would get an email to confirm before I can log in? So if someone knows my bittrex password they still can't access my account. They would also need my email credentials to verify the login. Does anyone know if this or something similar is this an option with bittrex? Thank you
|
|
|
|
bathrobehero
Legendary
Offline
Activity: 2002
Merit: 1051
ICO? Not even once.
|
|
October 01, 2014, 04:24:45 PM |
|
I went to set up 2FA but I do not have a mobile device. Are you required to have a mobile device to set 2FA up? I can't seem to find any other way.
There are tools for PC that does the same thing although that kind of defeats the purpose because if your PC get compromised the attacker can use that tool just as well. At the very least you should use similar tools from another PC physically, without remote control. Thanks for your reply.. but I thought 2FA meant I would get an email to confirm before I can log in? So if someone knows my bittrex password they still can't access my account. They would also need my email credentials to verify the login. Does anyone know if this or something similar is this an option with bittrex? Thank you Welll, technically 2FA can mean email verification instead of phone verification but that's not what I meant. If your PC got compromised, chances are the attacker also has access to your e-mail account as well which means you're done and he can do whatever he want. I lost my fair share because of my own stupidity and I went through the hoops with the support of an exchange but I can't really blame them for this kind of situations. My PC got compromised with certain passwords saved among an email address without phone 2FA so really, I kind of deserved what I got and I'm just glad that I haven't lost everything. 2FA, sandbox/VM is a must. Edit: Technically, you could probably run Google Auth on your desktop, but you would need to use Android emulation software. There are tools like WinAuth which does the same thing without the need to emulate android. But do not use it on your main PC as it defeats the purpose.
|
Not your keys, not your coins!
|
|
|
itsAj
|
|
October 01, 2014, 04:26:57 PM |
|
You have a keylogger or trojan on your computer. You must format.
|
|
|
|
|
acs267
|
|
October 01, 2014, 04:54:35 PM |
|
Haven't this happened before, but on Cryptsy I think? Some person's account got hacked and the thief actually was able to take over their computer, or something like that. Didn't touch their E-Mail to make it less suspicious. Converted all of their coins into BlackCoin I think and sold them for sats.
|
|
|
|
fox19891989
|
|
October 02, 2014, 01:53:18 AM |
|
so you turned off 2FA because of risk?
|
|
|
|
|