Topic: HITBTC - LOSS OF MONEY / SCAM / THIEVES - page 2. (Read 1329 times)

Its quiet odd that you got hacked even the 2fa have been enabled.I have read the same situation too on which he had activated on his 2fa too but still his account on an exchange have been still hacked.I don't know how those hackers could able to crack it out knowing that 2fa verifications is impossible to bypass if you don't really have the access on it.Even if you have been phished accessing with 2fa would be hard.

Just re-did the math on the time differential from when I received the login notification email from hitbtc and when my funds were sold.  I thought it was just a few minutes before it happened and said that above.  I was wrong and Daniel was right.  I also didn't even get the email until almost a full hour after the liquidating sales.  That's ridiculous. Extremely convenient for the hacker though!

2FA does not always give you perfect security.

Do you live with someone that would have the chance to steal the money off your account without having to go through all the 2FA and password entering process? That could be a possibility that you should consider.

Though, since they sent the login notification an hour late this is pretty shady. I don't think you will be able to get your money back though as you can't prove them to be scammers.

The webpage is down! what the hell is going on???

pinkflower - I can't speak for Daniel, but I did not have 2FA activated and never said I did.  I did say that my entire account was liquidated and withdrawn and that is what happened.  I received a successful login from new ip address email from Hitbtc but that did nothing since my account was gone only minutes later.  But what difference does that make?  It's the form letter I got back 8 minutes after I sent in my ticket that has me angry.  Go up to Daniel's post and read it again.  That's exactly what I received with the same misspelling of the word "suppressed".   How would they know if I went to a site called hittbtc.com?  I have nothing in my history that shows that.  When I tried to visit that site after I got their email, the security features on the company laptop that I use wouldn't even let me access it.  Also, I don't enter the domain name myself, I google it first.  Googling hiitbtc.com doesn't give any results, it defaults to hitbtc.com.  Then when I did try to type the site directly into the search bar on my phone it goes directly to the verified hitbtc.com site, which tells me they have acquired the domain.  The last registration of this domain was 9/16.  If Hitbtc acquired this website on 9/16 they did so because they knew it had been a phishing site, but then they didn't inform customers through any type of communication?  And then we're hacked on 9/19?

I have no history of this site, and a company laptop that wouldn't let me access the site they claim I accessed.  They have made no communication of accounts being compromised by this site or communicated to customers to change their passwords even now despite their form email confirming that there have been multiple hacks and multiple accounts affected.  This is a scumbag website.  Sorry I had not activated my 2FA, but I had only had the account for 2 weeks and even basic security measures (an email confirming the access from a new ip address as an example, or an email confirming a withdrawal to a new address) could have prevented this from happening.  I have accounts with five different exchanges and based on the basic protections of all the other accounts I have this never could have occurred.  Then they send me a form letter and don't even investigate the matter as it's own incident?  This is a scumbag site, and the whole thing smells very fishy.  It smells of someone on the inside wiping out accounts that don't have 2FA activated and then making a bogus claim that the user caused it by accessing a phishing site.

Sorry that everyone has to have a first post sometime, but I think you're questioning the wrong party. 

Sorry for what happened, but did you really have 2FA activated? It would be almost impossible for the hacker to log in your account and withdraw for BTC if you had it activated. Its very easy to create a new account in the forum and make up a bunch of posts.


 

This situation is dangerous, and if you check every link is correct, then it could be an exchange problem

Daniel -

Same thing happened to me.  Funds liquidated into btc and withdrawn yesterday.  I got the same bs message from them today.  I know it's not true because I never experienced any type of a glitch logging in and have nothing in my history.  I've only had the account with them for three weeks. There's nothing in google that it ever even existed, and the security that my company uses on the laptop that I use won't even allow me to access that site.  It's very obvious Hitbtc is using this as an excuse to deny any liability of the matter.  If it is even true that there was a phishing site, then why haven't they notified their customers to make them aware and have them change their passwords? 

Everything about it is very fishy.  Please let me know if you hear anything more from them, or hear of any others that had the same thing happen to them.  I think they were hacked and this is there way of covering it up.  Blaming it on user error is much better for business than publicly admitting that someone either got into your system or breached you from the inside.  But I am absolutely certain in this case that it wasn't user error.

LP

I had many small crypto bought at HitBTC, and some bigger crypto also.
I had 2FA login security activated, so only I can access my account.
Suddenly, 16.09.2017 somebody logged into my account (email with login alert came after 1h from login?! - first bullshit)
Somebody using IP adress from Switzerland sold everything and changed it into BTC - 0.49 - and then he transfered it outside.
How is it possible to login to an account with 2FA, when only I have it on my Android ?
How is it possible to steal someone money with e-mail notifications ? (I had no gmail logging history of any unknown IP - only mine)
HITBTC is a SCAM, THIEVES and fucking losers, because this is what happend when they answered me:

"Eugene Moura (HitBTC)
Sep 20, 09:28 WEST
Dear Trader,
Thank you for reaching out!
Looks like someone has the access to your account, and we are terribly sorry to hear that.
This is the worst experience one could have, because it is not possible to return your money as now they’re part of the blockchain.
We have held the investigation with the recent hacking attacks. Judging by the facts that we found, we came to the conclusion that before the attack, all the victims were on a phishing site http://hiitbtc.com/.  Which was used to steal the email addresses and passwords in order to gain access to HITbtc accounts. The criminal activity of hiitbtc.com has already ben suppessed. Unfortunately, it is out of our hands to refund your money.
Please note that http://hitbtc.com is the only legitimate HitBTC domain.
Regards,
Eugene Moura
HitBTC Support team"


Can You imagine that I have never visited any site like HIITBTC in my whole internet browser history? I use Google Chrome.
Anyway, someone thinks that I did.


What are Your suggestions to help me ?