Topic: Bittrex User Narrates How He Almost Lost His Funds To A Phishing Site (Read 585 times)

legendary
Activity: 1330
Merit: 1003
Every day there is a new post/thread about someone losing their hard-earned coins to one of these fake phishing sites.
It is sad, really, that there are people out there who think robbing from others will improve their lives.
What ever happened to making a good, honest living?
legendary
Activity: 1652
Merit: 1088
That's a common way to trick users: putting ads for their link on search engines. We've seen this type of scam a hundred times with electrum, blockchain.info, myetherwallet, electron cash and many more (websites that scammers clone with a similar domain).
But 2FA, adblock or add-ons that warn about/block suspicious websites help a lot in this case.

Instead of using Google, bookmark the Bittrex login url, and then you'll basically always go to the right site.
legendary
Activity: 1750
Merit: 1115
Not giving two shits about opening a third party website for reading a simple article. You are also promoting your blog by spamming links to the article everywhere, you know it is not allowed and you'd get a warning from moderators soon. If you really want to share, just tl;dr the post here or put it in quotes. Free advertising is not allowed, especially if you're spamming links.
 
hero member
Activity: 644
Merit: 500
Not only Bittrex.
Phishing can attack all exchanges, and not only exchanges: MyEtherWallet had the same incident with a phishing attack too, so it is not big news.
hero member
Activity: 2702
Merit: 716
That's what happens when we don't pay attention to what we do. The guy was fortunate enough that he found out that he was going to be a victim of a phishing attack. We should always look out for the domains when we pass personal information to websites. Hackers are out there everywhere looking for small fishes to enter their information on their websites and grab the money from their accounts. So pay attention on the internet and secure yourself.
hero member
Activity: 1008
Merit: 531

I think a huge part of the problem is that google is allowing these sorts of ads to pop up on their search engine when someone searches up bittrex. I remember in the past bitcoin mixers were targeted, for example bitmixer and bitblender.

Google needs to ban these types of ads, and people really need to be more careful when they type in the URL of a web address. I mean how is it even possible that the guy typed in l instead of i in the first place? They're like on completely different rows -_-

I believe that bittrex also has some responsibility in preventing fraud from happening by registering all similar URLs beforehand so that it redirects to the legit site.

He did not directly mistype the letters. Rather, he conducted a google search, and probably spelt the name bittrex wrong in another way. But google decided to give him a malicious phishing ad (as they always do for some reason, as you said).

This is a problem that needs to be solved by google, and imo google should be liable for any damage that has been done to the victim by the phishing site. It's funny how they filter out inappropriate stuff on youtube without second thoughts but let scammers and con artists advertise their sites openly.

At least this guy had some brains and realised before it was too late. Others probably won't realize until their balance is completely gone, and then complain about it in public saying that they had enabled 2fa and their account got hacked blablabla, but in reality it's just that they went on a phishing site and gave everything away voluntarily. ALWAYS check the url, especially when dealing with known cases such as bittrex, bitmixer (in the past anyways), etc.
sr. member
Activity: 532
Merit: 250

I think a huge part of the problem is that google is allowing these sorts of ads to pop up on their search engine when someone searches up bittrex. I remember in the past bitcoin mixers were targeted, for example bitmixer and bitblender.

Google needs to ban these types of ads, and people really need to be more careful when they type in the URL of a web address. I mean how is it even possible that the guy typed in l instead of i in the first place? They're like on completely different rows -_-

I believe that bittrex also has some responsibility in preventing fraud from happening by registering all similar URLs beforehand so that it redirects to the legit site.
sr. member
Activity: 868
Merit: 259
I have also seen somewhere in this forum, one guy with 2fa enabled lost all of his funds from bittrex. Might be he has also entered his details in one of the bittrex phishing sites like this one. There are different sites which are just set up to steal user credentials for different exchange platforms and wallets. We users have to be careful like the guy in the story.

I don't believe him. How do you think a hacker can bypass 2FA unless the site itself has a bug or it has a vulnerability? It's close to impossible, if not impossible, to guess 6 numbers in the right order that change every 30 seconds.

If he was hacked and his BTC was stolen then he didn't have 2FA on.
hero member
Activity: 1148
Merit: 500
That's why you have to be more careful when logging in to your accounts. I've seen the same case with a victim. But not bittrex, it's a mixing service, bitmixer. Usually the original site was bitmixer.io. But instead it's bitmixer.com. That's very confusing, especially to newbies. So I suggest entering the correct URL directly if you know it. Delete other search engine extensions from your browser. Sometimes they're screwing with you. So better get rid of them.

member
Activity: 96
Merit: 10

Interesting. Everyone should be wary of phishing sites. I've seen a few myself, some are phishing sites for email and social media accounts too.
legendary
Activity: 3542
Merit: 1352
That's why I don't trust Google Search anymore. It's very easy for scammers to pay Google to get their site to the top regardless of how many visitors the site is actually getting. The PageRank algorithm that Google uses is superb, at least back in the day. But now? It's crap. Right now, careful checking is really needed before you enter any information that includes your financial details and such.

Checking domain names is the first step to avoid phishing attacks; however, homograph and Punycode websites are still up these days and can still be a way for scammers to imitate a legit site. The domain names of the legit and the scam site look similar in the address bar of your browser (particularly Chrome), but if you try to paste the domain name into your local notepad, you can see that the domain name is masked by deceptive unicode characters that appear as plain letters in browsers. Most people would be tricked by this, especially those who aren't really familiar with how homograph and Punycode work in browsers.

Not so pro tip, use duckduckgo for searching.
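
An added example, not part of any post in this thread: a sketch of the "paste it into notepad" check described above, done in code. It converts a pasted host name to its Punycode form and compares it with a list of bookmarked hosts; the host names and the short look-alike table are constructed placeholders and assumptions, not data from the thread.

```python
# Constructed placeholder names; in practice this is the set of hosts you bookmarked.
TRUSTED = {"exchange.example", "wallet.example"}

# Illustrative subset of look-alike characters mapped to the letter they imitate.
# A complete check would use the Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0456": "i", "\u0445": "x",   # Cyrillic look-alikes
    "l": "i", "1": "i", "0": "o",                  # ASCII look-alikes (l typed for i)
}

def to_ascii(host):
    """Normalise a pasted host to the ASCII/Punycode form that DNS actually sees."""
    host = host.strip().rstrip(".").lower()
    return host.encode("idna").decode("ascii")  # raises UnicodeError if invalid

def skeleton(host):
    """Collapse look-alike characters so visually similar names compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def classify(host):
    try:
        ascii_host = to_ascii(host)
        shown = ascii_host.encode("ascii").decode("idna")  # form a browser may render
    except UnicodeError:
        return "invalid"
    if ascii_host in TRUSTED:
        return "trusted"
    is_idn = any(label.startswith("xn--") for label in ascii_host.split("."))
    if any(skeleton(shown) == skeleton(t) for t in TRUSTED):
        return "lookalike-idn" if is_idn else "lookalike-ascii"
    if any(shown.split(".")[0] == t.split(".")[0] for t in TRUSTED):
        return "same-name-other-tld"   # the bitmixer.io / bitmixer.com pattern
    return "idn-unknown" if is_idn else "unknown"

if __name__ == "__main__":
    samples = ["exchange.example", "exch\u0430nge.example",
               "wa1let.example", "exchange.test", "other.example"]
    for h in samples:
        print(f"{to_ascii(h):32} {classify(h)}")
```

Anything other than "trusted" means the name in the address bar is not one of the bookmarked hosts, whatever it looks like on screen.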
newbie
Activity: 30
Merit: 0
This day is an unfortunate day for me as I just discovered that my MyEtherWallet account where my ICO tokens are parked has become a victim of phishing and almost all of my tokens were withdrawn to another wallet. I think there is nothing anymore I can do about it.

MEW is recommending 2FA but I find the procedure beyond my comprehension. We really have to be careful on the sites we are logging in at, as it can be a subtle phishing site that can victimize us. I really regret that I chose to transfer my Ether to MEW...
2FA is the simplest and most effective solution to completely prevent account theft.
The procedure is extremely straightforward, you use a smartphone app that generates temporary codes. What about it don't you comprehend?

Being unaware of 2FA is one thing, literally losing everything because you couldn't comprehend something a 12 year old can do is completely another.
Nothing is 100%. 2FA doesn't prevent a phisher logging on with your credentials, he just has to present you with a fake site, and pass along whatever details you give them in realtime. With Bittrex this is somewhat countered by having to be logged in for 2 minutes before withdrawing (so you have to put in a different 2FA code to what you logged in with, meaning that they cannot initiate a withdrawal), but it doesn't stop a smart phisher from playing the long game, hoping you don't realise you're being phished, and redirecting the funds the next time you're prompted to use 2FA (probably the next time you initiate a deposit or withdrawal yourself, or more riskily they pretend you were logged out and prompt you to login again).
jr. member
Activity: 59
Merit: 10
Just a thought. Before being allowed to withdraw any funds, why don't exchanges ask for another different password or confirmation via email?

When logging into Bittrex, Bittrex sends an email in case you didn't log in. That only works if one is online and watching their email account. It doesn't take long for a scammer to change the password.

This wouldn't really help that much as the hackers are using low volume coins to trade your funds away by buying high and selling low to accounts that they control.
legendary
Activity: 924
Merit: 1000
Just a thought. Before being allowed to withdraw any funds, why don't exchanges ask for another different password or confirmation via email?

When logging into Bittrex, Bittrex sends an email in case you didn't log in. That only works if one is online and watching their email account. It doesn't take long for a scammer to change the password.
sr. member
Activity: 420
Merit: 251
This day is an unfortunate day for me as I just discovered that my MyEtherWallet account where my ICO tokens are parked has become a victim of phishing and almost all of my tokens were withdrawn to another wallet. I think there is nothing anymore I can do about it.

MEW is recommending 2FA but I find the procedure beyond my comprehension. We really have to be careful on the sites we are logging in at, as it can be a subtle phishing site that can victimize us. I really regret that I chose to transfer my Ether to MEW...
2FA is the simplest and most effective solution to completely prevent account theft.
The procedure is extremely straightforward, you use a smartphone app that generates temporary codes. What about it don't you comprehend?

Being unaware of 2FA is one thing, literally losing everything because you couldn't comprehend something a 12 year old can do is completely another.
legendary
Activity: 1218
Merit: 1006
I have also seen somewhere in this forum, one guy with 2fa enabled lost all of his funds from bittrex. Might be he has also entered his details in one of the bittrex phishing sites like this one. There are different sites which are just set up to steal user credentials for different exchange platforms and wallets. We users have to be careful like the guy in the story.
hero member
Activity: 490
Merit: 501
This day is an unfortunate day for me as I just discovered that my MyEtherWallet account where my ICO tokens are parked has become a victim of phishing and almost all of my tokens were withdrawn to another wallet. I think there is nothing anymore I can do about it.

MEW is recommending 2FA but I find the procedure beyond my comprehension. We really have to be careful on the sites we are logging in at, as it can be a subtle phishing site that can victimize us. I really regret that I chose to transfer my Ether to MEW...
legendary
Activity: 938
Merit: 1001
This is a really stressful situation you passed through. We have always been admonishing crypto users to be careful while signing in to their accounts.
The moment he identified the URL where he was going to allow credential leakage was a bigger success in the world of scammers.
member
Activity: 97
Merit: 10