
Topic: BITTREX account HACKED - having 2FA ON (Read 244 times)

staff
Activity: 2548
Merit: 2709
November 20, 2019, 10:58:47 AM
#16
How did this story end? I think you will have gone back and asked for more information from Bittrex, or?

//edit:
Oops, I see that the older thread was reactivated by CryptoReclaim.
since nguadien was still active at least in summer 2019 there might be some feedback.
sr. member
Activity: 1036
Merit: 329
November 20, 2019, 07:41:27 AM
#15
Thank you.

I submitted a ticket ASAP and they replied that they are escalating you to a specialist to better assist me.

But my hope is not high, as for cases like this exchanges would not often give back the lost money. I feel so sad because I am in a large debt right now, so basically now I have nothing but debt. What intrigues me is that my 2FA is still running till now, and my email reported no case of Login as well. Also my email does not report any new devices logged in or any new location logged in.
I see it as a backdoor from that exchange. It's sad to hear your story, but they are the ones who can explain to you what really happened. That 1 BTC is not a small amount and there are many holes on their side why these things happen.
legendary
Activity: 2968
Merit: 3684
October 12, 2018, 05:31:20 AM
#14
Hey. Ok, so the case is closed and you're not getting your money back. Accept that and move on. I'm not going to beat you up over this since you seem to have learnt your lesson. It's tough to take now but get over it and you will see in time that this was a worthy price to pay to learn a lesson you won't forget.

Two years, it's a long time, but not the end of the world. Come clean with your family, you made a mistake, they'll be ok with you. Two years and you get it back, plus the valuable lesson.

And in case you forget: only you and you alone should be responsible for your Bitcoin. Never ever again store Bitcoin on an exchange or any service.

If you can, when you can, get Bittrex to tag the address that withdrew. You never know... Could be idiot enough to deposit back and the account held. Or at very least blacklisted.
newbie
Activity: 8
Merit: 0
October 11, 2018, 10:36:23 PM
#13
Quote
Hi,

Thank you for your inquiry.

Actions performed in the reported unauthorized access to your account required access to your email. Please make sure to secure your email account.

Please know that we take each of these reports seriously, and that we have investigated potential causes of your loss of funds. Based on information you provided and other information that we have gathered, it is clear that your login credentials (username/password combination) were lost outside of the Bittrex environment. In other words, someone stole your credentials and logged in masquerading as you. It is most likely that you (a) visited a phishing site that is designed to look and behave like Bittrex’s site (see the example below), (b) that someone has compromised your email and/or wireless mobile device account, or (c) that you used the same username/password combination for another site or service that was compromised. In each of these scenarios, the people who logged into your Bittrex account and moved your funds had already obtained your valid login credentials before they visited the Bittrex site. This is one of the hardest forms of account compromise to combat because there is no way for Bittrex to identify unauthorized parties when they are using your valid credentials.

We have observed that sometimes this type of compromise happens when a user accidentally downloads a malicious application to their phone or mobile device. As mentioned above, we have also observed several examples of phishing sites appearing on Google and other search results for “Bittrex.” Here is an example that shows the fake Bittrex sites along with the real sites.




When users click on links to these sites, they are tricked into providing their login credentials, which the phishing site owners immediately use to log into Bittrex and to conduct trades or withdrawals that move funds out of your account. These are sophisticated attacks that are very difficult, if not impossible, to reliably detect or stop in real-time. The only reliable way to prevent this from happening is to vigilantly secure your login credentials and to change them often.

While we are sorry that your funds were lost, it is ultimately your responsibility to maintain the security of your login credentials. There really is no way to recover your funds at this time. If you have not already done so, we strongly encourage you to do the following:

Always browse directly to https://www.bittrex.com instead of searching for it.
Review your recent browsing history to identify whether you unintentionally visited and surrendered your credentials to any phishing site.
Scan your computer and mobile devices for malicious software.
Change all of your passwords, and take steps to secure your other online accounts.
Change your Bittrex password to a unique and complex password that is not used anywhere else.
Check with your wireless provider to make sure that you have set your wireless account to require a unique PIN in order to make modifications to authorized users of your service.
Enable two-factor authentication on your Bittrex account, and if it was already enabled, disable and re-enable it.
Report the event to your local law enforcement and encourage them to contact us if they need additional information about the incident.

If you have disabled your account, please reply here once you have changed your password and secured your account with two-factor authentication.

If you would like to view your account logon history to conduct research about what happened at the time of compromise, you can view it by clicking “Settings->Summary.” Below you will find a copy of the relevant logs.

| Time Stamp | Address | User Agent | Activity |
| --- | --- | --- | --- |
| 09/05/18 22:10:05 | 125.212.220.124 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 | LOGIN |
| 09/05/18 22:09:55 | 125.212.220.124 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 | LOGIN_B4_2FA |
| 09/05/18 22:09:44 | 125.212.220.124 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 | VERIFY_NEW_IP |
| 09/05/18 22:09:17 | 125.212.220.124 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 | UNKNOWN_IP_LOGIN |
| 09/05/18 22:08:37 | 125.212.220.124 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 | UNKNOWN_IP_LOGIN_B4_2FA |
| 09/05/18 22:08:08 | 125.212.220.124 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 | UNKNOWN_IP_LOGOFF |
| 09/05/18 22:08:08 | 125.212.220.124 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 | UNKNOWN_IP_WITHDRAWAL_2FA_SUCCESS |

Again, we are very sorry that this happened to your account. If you have any further questions, please do not hesitate to contact us again.
Best Regards,

Bittrex closed the case, ignoring my questions about 2FA problems. For me, the loss is too big (which gives me a real-life 20000 USD debt to pay, now I spend more time working to pay my debt off than trying to get back my money or arguing with Bittrex).

More information:

1. Gmail history: No strange login through September, October.
2. Gmail devices: No strange devices, no new devices through September, October.
3. Gmail security: 2-Step Verification is on since 15 Dec 2017, with Google sign-in prompt and Authenticator app.
4. Gmail Bittrex Login Notification: During the hack (4 Sep 18), I received no Google sign-in prompt and no email about Bittrex Login Notification.

The grief overwhelmed me so much because 20000 USD is the amount I can only make in 2 years non-stop working. I considered committing suicide so many times, but I don't have the balls to go through, and also I have a wife and a daughter. They need me in life to live properly, not to pay my debt for me after I die and my daughter growing up without a father.

I feel so sad that my strength left me, it took me a lot of sleep, crying and going to work like a zombie then checking everything again and again before writing this reply.
If you need more info, just ask. If I have the strength and time to answer, I will reply you guys anything I know.
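
The logon history quoted in the post above can be read mechanically, as in this added example (not part of the thread and not Bittrex tooling). It assumes the rows are re-typed as `|`-separated fields, that timestamps are month/day/year, and that the activity names mean what they literally say; the `203.0.113.7` row is constructed to show an address the exchange did not mark as unknown.

```python
from collections import defaultdict
from datetime import datetime

# Rows from the logon history quoted above (User Agent column omitted; it is
# identical on every row). The last row is constructed, to show a known address.
LOG = """\
09/05/18 22:10:05|125.212.220.124|LOGIN
09/05/18 22:09:55|125.212.220.124|LOGIN_B4_2FA
09/05/18 22:09:44|125.212.220.124|VERIFY_NEW_IP
09/05/18 22:09:17|125.212.220.124|UNKNOWN_IP_LOGIN
09/05/18 22:08:37|125.212.220.124|UNKNOWN_IP_LOGIN_B4_2FA
09/05/18 22:08:08|125.212.220.124|UNKNOWN_IP_LOGOFF
09/05/18 22:08:08|125.212.220.124|UNKNOWN_IP_WITHDRAWAL_2FA_SUCCESS
09/01/18 08:00:00|203.0.113.7|LOGIN
"""

def parse(text):
    """Return (time, address, activity) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, address, activity = (f.strip() for f in line.split("|"))
        # Assumption: the exchange prints month/day/two-digit year.
        when = datetime.strptime(stamp, "%m/%d/%y %H:%M:%S")
        events.append((when, address, activity))
    return sorted(events, key=lambda e: e[0])  # stable: ties keep log order

def triage(events):
    """Summarise every address the exchange itself marked as unrecognised."""
    by_ip = defaultdict(list)
    for when, address, activity in events:
        by_ip[address].append((when, activity))
    report = {}
    for address, seq in by_ip.items():
        names = [activity for _, activity in seq]
        if not any(n.startswith("UNKNOWN_IP_") for n in names):
            continue  # never flagged as a new address, nothing to review
        report[address] = {
            "first_seen": seq[0][0],
            "seconds_active": (seq[-1][0] - seq[0][0]).total_seconds(),
            "new_ip_verified": "VERIFY_NEW_IP" in names,
            "login_completed": "LOGIN" in names or "UNKNOWN_IP_LOGIN" in names,
            "withdrawal_2fa_success": any(
                n.endswith("WITHDRAWAL_2FA_SUCCESS") for n in names),
        }
    return report

if __name__ == "__main__":
    for address, facts in triage(parse(LOG)).items():
        print(address, facts)
```
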
legendary
Activity: 3122
Merit: 1398
October 11, 2018, 05:11:22 PM
#12

Check the time of withdrawal, OP. Were you online around that time? If not, then there was time for a hacker to delete any mails from Bittrex so that you would not check them while they were doing some withdrawals, to avoid being disturbed by you.

Gmail requires verification for a new login, so it's weird that someone logged into your account from somewhere unless it recognized your usual IP. I think the suspect* knows you or is just around you.

If you are sure that everything was properly in place then Bittrex might have f***ed you up. But since no evidence can prove it, it will all just be speculation. Let's see how Bittrex will handle your situation.

Please share their responses here once you received an answer. I will follow this thread.
legendary
Activity: 2968
Merit: 3684
October 11, 2018, 02:36:09 PM
#11
Assuming all statements are correct, then the most plausible explanation is that device information and IP information remained the same, therefore not triggering 2FA, although I use Bittrex and every login, even from the same IP and device, will send an automated email regardless. If the person who accessed it also had email access, they could have deleted it, but it is highly unlikely to have both email and exchange account.

Cloning mobile phones seems to be on the rise, ever leave your phone for repair OP?
copper member
Activity: 2940
Merit: 4101
October 11, 2018, 01:33:34 PM
#10
Dude, it comes from your side for sure. Your email account has been hijacked: the person had access to it, received the mail, clicked it, and then deleted it. In your shoes, I would check the login history from your email provider (some do), check if there is any forwarding rule or remote access, and of course change your password.
hero member
Activity: 1372
Merit: 647
October 11, 2018, 10:59:05 AM
#9
@OP, does this mean that if you're in the same location or something, you don't need a verification?
if use the same IP and same device they do not send the code by sms, but if the person uses a different IP and a different device, then they send sms with the code.
I figured it out, he won't be asked only if he decided to not use 2FA on a specific computer, but if not, 2FA will always be required (will be asked for the code sent via Voice or text message / Google prompt).

So, I ask again how could the supposed hacker access the OP email?

I only see one possibility, someone used the OP device
If he didn't receive any code or prompt, then he should take this one into consideration, especially if there is someone who also uses the same device.
legendary
Activity: 3164
Merit: 1127
October 11, 2018, 02:52:40 AM
#8
so the problem is on their side, how would it be possible to withdraw bitcoins from your Bittrex account without sending email with link to the withdrawal authorization?
In general situation, it is possible that the site sent an Email, but the hacker was able to access the Email account and deleted all the traces.

However, in OP's situation, it's quite weird because his email account was tied in his mobile phone which makes it harder to hack. Just want to clarify about this:
5. My Gmail needs mobile verification to log in, and at those times I did not have to confirm any new location Gmail login
@OP, does this mean that if you're in the same location or something, you don't need a verification?

answering this question: " @OP, does this mean that if you're in the same location or something, you don't need a verification? "

if use the same IP and same device they do not send the code by sms, but if the person uses a different IP and a different device, then they send sms with the code.

So, I ask again how could the supposed hacker access the OP email?

I only see one possibility, someone used the OP device
hero member
Activity: 1526
Merit: 596
October 10, 2018, 06:34:38 PM
#7
Even though I'm sure that they could be at fault, there is simply no solid evidence on your side to accuse them of any wrongdoing. And even if there was, it's very unlikely that Bittrex would compensate you for your losses.

They don't want to set a precedent, otherwise in the future there will be consequences for them to have to refund all hacks.

Next time, make sure that you withdraw all funds that you exchanged on an exchange platform as soon as possible, because exchanges are not safe places to store cryptos. Store it on a decentralized, trustless wallet if possible, or even a light node/remote node would be better than having to store it on exchanges. You could tell them to investigate further about how did this, but even then your chances of recourse are extremely low.
hero member
Activity: 3010
Merit: 794
October 10, 2018, 05:31:47 PM
#6
so the problem is on their side, how would it be possible to withdraw bitcoins from your Bittrex account without sending email with link to the withdrawal authorization?
In general situation, it is possible that the site sent an Email, but the hacker was able to access the Email account and deleted all the traces.

However, in OP's situation, it's quite weird because his email account was tied in his mobile phone which makes it harder to hack. Just want to clarify about this:
5. My Gmail needs mobile verification to log in, and at those times I did not have to confirm any new location Gmail login
@OP, does this mean that if you're in the same location or something, you don't need a verification?
Mobile verification will most likely be asked for when you are logging in from a different location or simply a different IP, but when you log in on your own IP then you won't really be asked for mobile verification.
No matter from which angle I look at the situation, only the access to the email would really be the hole in such a compromise incident. The hacker might have been able to access the email and delete the history of login notifications, just as mentioned above.
hero member
Activity: 1372
Merit: 647
October 10, 2018, 05:11:36 PM
#5
so the problem is on their side, how would it be possible to withdraw bitcoins from your Bittrex account without sending email with link to the withdrawal authorization?
In general situation, it is possible that the site sent an Email, but the hacker was able to access the Email account and deleted all the traces.

However, in OP's situation, it's quite weird because his email account was tied in his mobile phone which makes it harder to hack. Just want to clarify about this:
5. My Gmail needs mobile verification to log in, and at those times I did not have to confirm any new location Gmail login
@OP, does this mean that if you're in the same location or something, you don't need a verification?
legendary
Activity: 3164
Merit: 1127
October 10, 2018, 03:41:04 PM
#4
But my hope is not high, as for cases like this exchanges would not often give back the lost money. I feel so sad because I am in a large debt right now, so basically now I have nothing but debt. What intrigues me is that my 2FA is still running till now, and my email reported no case of Login as well. Also my email does not report any new devices logged in or any new location logged in.

so the problem is on their side, how would it be possible to withdraw bitcoins from your Bittrex account without sending email with link to the withdrawal authorization?

This is what happens when someone logs in with IP different from the previous one:







newbie
Activity: 8
Merit: 0
October 10, 2018, 04:51:29 AM
#3
Thank you.

I submitted a ticket ASAP and they replied that they are escalating you to a specialist to better assist me.

But my hope is not high, as for cases like this exchanges would not often give back the lost money. I feel so sad because I am in a large debt right now, so basically now I have nothing but debt. What intrigues me is that my 2FA is still running till now, and my email reported no case of Login as well. Also my email does not report any new devices logged in or any new location logged in.
hero member
Activity: 2422
Merit: 668
October 10, 2018, 03:14:50 AM
#2
Maybe ask the site?
newbie
Activity: 8
Merit: 0
October 10, 2018, 12:20:30 AM
#1
Today I logged into Bittrex to see that my account has almost no balance.

I checked my WITHDRAWAL HISTORY and saw that on 2018/09/04 21:59:06, there was a transaction 1.04294260 btc to address 154S7gFkomrXyABgs1i8XWmAKhUCcfRkcz

There are also 0.01135790 btc to address 154S7gFkomrXyABgs1i8XWmAKhUCcfRkcz on 2018/09/04 22:01:30, and 0.00653546 btc to address 182JPuxQgTzHX8ZSo44SFa32uLLy7qgHqG on 2018/09/06 05:08:08

There are many problems here:
1. I did not have any Bittrex Login Notification email on 2018/09/04 or 2018/09/06 (which means I did not log in or have any login actions to Bittrex at those times)
2. I still have my 2FA on
3. All of my API keys do not have Withdraw permission
4. I did not have any sessions of using Bittrex at those times
5. My Gmail needs mobile verification to log in, and at those times I did not have to confirm any new location Gmail login
6. I did not change or disable my 2FA for months, until now.

I feel very sad that I logged in to my Bittrex rarely these days, being confident that my 2FA would keep my Bittrex safe. I still don't understand how hackers could log in to my account without 2FA or triggering a notification email, and perform 3 transactions without needing to input my 2FA.

I am very confused right now as my altcoins are bought from low price, and I am holding my bags. I logged in today to refresh my orders, and what I get is an empty account.