
Topic: Multiple Bittrex accounts hacked everyone enable 2fa - page 10. (Read 22334 times)

legendary
Activity: 1288
Merit: 1000
yesterday my bittrex account was also hacked
14 btc were withdrawn through transactions with YBC and XDQ ://


That sucks man, sorry for your loss.

That makes 3 accounts accessed so far, there is a pattern forming.

Have you been in touch with bittrex?

Hmm, I'm starting to think that bittrex has been compromised.

I'm going to ask for proof that my account was accessed through my machine. I suggest you do the same.

This could be a bigger problem than we think.
yes, they wrote me same as others "Unfortunately, there is nothing we can do to recover your funds" and "The attacker sold the coins from the same IP you typically login"

I think affected a lot more, but not all have understood it and found this thread

I think it's a lot more than just us three, that would put the blame on bittrex's side, ask them for your logs.

Did you have 2fa enabled?
full member
Activity: 225
Merit: 100
yesterday my bittrex account was also hacked
14 btc were withdrawn through transactions with YBC and XDQ ://


That sucks man, sorry for your loss.

That makes 3 accounts accessed so far, there is a pattern forming.

Have you been in touch with bittrex?

Hmm, I'm starting to think that bittrex has been compromised.

I'm going to ask for proof that my account was accessed through my machine. I suggest you do the same.

This could be a bigger problem than we think.
yes, they wrote me same as others "Unfortunately, there is nothing we can do to recover your funds" and "The attacker sold the coins from the same IP you typically login"

I think affected a lot more, but not all have understood it and found this thread
hero member
Activity: 574
Merit: 500
It doesn't matter about the withdrawal, they set a high price on a coin that they own and dump your coins, then buy the coins from themselves, so no withdrawal.
This makes sense. It also means my exchange accounts are less secure than I thought.

I even see how anyone can profit from this: set a very high sale order on rare alt coins, and wait for a hacker to buy them all.

I have never heard of a keylogger existing on Linux
Keyloggers exist even in hardware:


I have 1/8th of a bitcoin at bittrex, and it already makes me nervous having so much at an exchange. People with 8 to 14 btc must be trading a lot, otherwise it is much safer to withdraw to your own wallet.
legendary
Activity: 1288
Merit: 1000
The thing is, that I haven't installed any wallets in the last few weeks, i've been keeping my coins on the exchanges.

Now there's been three hacks, it puts suspicion that the problem is on bittrex's end.

legendary
Activity: 1288
Merit: 1000
I just mailed the following to Bittrex:


Hi,

Please could you provide me with the logs for my account as I wish to check whether or not my account was accessed from my machine.

So far there have been three people that have lost all their funds, that doesn't sound like a local machine that’s been compromised.

Leigh.

legendary
Activity: 1288
Merit: 1000
Here is the answer I've got from Bittrex:

Quote
   

Ryan Hentz (Bittrex)

Apr 2, 19:08

Hi,

Our records show that all orders placed on your account were done so from your typical login ip. This means the attacker somehow has access to your machine. Have you installed any new software recently? This includes things like browser plugins.

The attacker also immediately withdrew the coins from his account via the api. There is no way to recover the funds.

Please make sure to enable 2fa to protect your account from being breached in this way.

Thank you,

Ryan


The whole day I'm trying to find any traces in my local machines. Nothing so far  Sad
Any findings, leigh2k14?

I haven't found a thing yet mate, ask bittrex for proof that your account was accessed from your machine

If they are lying to us then the problem is on their end.
legendary
Activity: 1288
Merit: 1000
yesterday my bittrex account was also hacked
14 btc were withdrawn through transactions with YBC and XDQ ://


That sucks man, sorry for your loss.

That makes 3 accounts accessed so far, there is a pattern forming.

Have you been in touch with bittrex?

Hmm, I'm starting to think that bittrex has been compromised.

I'm going to ask for proof that my account was accessed through my machine. I suggest you do the same.

This could be a bigger problem than we think.
hero member
Activity: 1456
Merit: 579
HODLing is an art, not just a word...
this really sucks, i have to remember to change my password and enable my 2fa, good thing is that i currently don't have anything on bittrex
hero member
Activity: 843
Merit: 1004
Here is the answer I've got from Bittrex:

Quote
   

Ryan Hentz (Bittrex)

Apr 2, 19:08

Hi,

Our records show that all orders placed on your account were done so from your typical login ip. This means the attacker somehow has access to your machine. Have you installed any new software recently? This includes things like browser plugins.

The attacker also immediately withdrew the coins from his account via the api. There is no way to recover the funds.

Please make sure to enable 2fa to protect your account from being breached in this way.

Thank you,

Ryan


The whole day I'm trying to find any traces in my local machines. Nothing so far  Sad
Any findings, leigh2k14?
legendary
Activity: 1078
Merit: 1011
I had a small amount of alts on Bittrex that wasn't touched and I also didn't have 2FA enabled. I have since enabled it, but may move my few coins off there anyway. Cryptsy is still too fresh in my mind.
full member
Activity: 126
Merit: 100
It seems very weird. I feel sorry for all those who have lost funds. We need to immediately start a new thread here to deal with these issues. First thing is to get information from people who have lost to this hack. Second, they need to think and try to explain what they have done in the past two weeks like downloading apps, new website visits, browser extension installs, email subscriptions that they have made. So far, Bittrex since its beginning didn't fall into hacks. But it is happening now. People, please address your issues immediately.
full member
Activity: 225
Merit: 100
yesterday my bittrex account was also hacked
14 btc were withdrawn through transactions with YBC and XDQ ://
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
it wasn't random.. you were targeted but by whom?

First guys i would suspect are Bittrex staff.. but i doubt they are behind it.
But IT is possible !

And if you use similar passwords on other sites then i bet one of the other sites staff targeted you.
See how these places can not be trusted?

Or you got nailed with a keylogger maybe.. they get posted here occasionally in wallets.
downloading any sketchy altcoin wallets?

If my password was compromised Bittrex would be getting blamed.
I use Password Depot to generate complicated & advanced 24 char random passwords.
So no one is going to guess it..

PS:
Watch out for ransomware guys.. they are on pretty much all OS's these days now. (even Mac's)

Good advice!!

Also, I read a story on a hacker; he said that if ppl use passwords that auto complete, the kind in keychains, then you don't type in the passwords and key loggers never see what you're typing.

Even with my 2fa I wait till the last second to type them in in case I'm being logged.

I think these days rootkits can be very sophisticated and hard to detect.
Not sure it would help but there are things you can use to help thwart more simple keyloggers.
I once put one on my own PC to spy on my slutty ex-girlfriend.
The one i used was called "Steel Keylogger" and it was free etc. (worked good too)  Grin
Point being is i know you could see it running in the processes list.
So a good thing to know is what every process running does and then verify them all.. keep tabs on them!
Another thing you can try doing..
Windows comes with a pre-installed onscreen-keyboard you can use your mouse to click on letters.
Kaspersky Password Manager and Antivirus etc has one too pretty sure.
(any OS should have something similar)

I like Password Depot for many reasons..
First off i think you can use it free perm with up to 20 passwords (or buy / pirate it)
The Android version is free though and cool too.
One of the cool things it has is an easy to use high quality password generator.
(right click tray icon & hit generate password)

It also monitors your clipboard for spying (will alert you if something is sniffing your password & prompt you to act)
The Manager window is pretty cool too.. nice layout and easy enough to add entries manually.
It has browser plugin(s) Chrome/FF etc but even if those don't work or are not wanted you can still
tap on the tray icon once then right click the pass entry and hit copy name / pass etc
So you can choose to have them auto filled out on sites or do it manually.

There are tools for security out there, learn them and use them!
If you can remember the password it's probably crap LOL

One thing you can do is run Sysinternals Sigcheck (Windows)
It is a command line tool that checks Authenticode digital certs on various files (also supports VirusTotal lookups)
So it would give you a list of suspicious files to go and Google etc
Just an example of how much stuff is out there.. Sysinternals + Nirsoft are great free windows programs.
legendary
Activity: 1288
Merit: 1000
Just got this reply from bittrex: 

 Ryan Hentz (Bittrex)

Apr 2, 19:51

Hi,

We have looked into multiple accounts that were hacked in the same way as yours. All of the orders placed on these hacked accounts were done so from the users' own machines as we have login data that shows this. The attacker also immediately withdrew the stolen funds via the api. The attacker seems to also be using a VPN as their account has lots of different ip's for the login.

Have you installed any wallet software within the past couple of days? Another one of the users said they had installed some items and even saw that the attacker cleared their log files (they were on linux), it could even be something like a browser extension. Any changes to the system....

Thank you,

Ryan

Interesting that they mention multiple accounts - that means that more than two were hacked... It looks like they must have used some sort of bot. Too many to manually bruteforce.

Multiple!
legendary
Activity: 1652
Merit: 1088
Just got this reply from bittrex: 

 Ryan Hentz (Bittrex)

Apr 2, 19:51

Hi,

We have looked into multiple accounts that were hacked in the same way as yours. All of the orders placed on these hacked accounts were done so from the users' own machines as we have login data that shows this. The attacker also immediately withdrew the stolen funds via the api. The attacker seems to also be using a VPN as their account has lots of different ip's for the login.

Have you installed any wallet software within the past couple of days? Another one of the users said they had installed some items and even saw that the attacker cleared their log files (they were on linux), it could even be something like a browser extension. Any changes to the system....

Thank you,

Ryan

Interesting that they mention multiple accounts - that means that more than two were hacked... It looks like they must have used some sort of bot. Too many to manually bruteforce.
legendary
Activity: 1288
Merit: 1000
It's really early here in the UK, i'm gonna get some sleep.

I have a possibility of what might have happened. It's obvious I was targeted.

Is there anyone here with hacking skills willing to help? i'll have to speak through PM.

Leigh.
legendary
Activity: 1092
Merit: 1000
Just got this reply from bittrex:  

 Ryan Hentz (Bittrex)

Apr 2, 19:51

Hi,

We have looked into multiple accounts that were hacked in the same way as yours. All of the orders placed on these hacked accounts were done so from the users' own machines as we have login data that shows this. The attacker also immediately withdrew the stolen funds via the api. The attacker seems to also be using a VPN as their account has lots of different ip's for the login.

Have you installed any wallet software within the past couple of days? Another one of the users said they had installed some items and even saw that the attacker cleared their log files (they were on linux), it could even be something like a browser extension. Any changes to the system....

Thank you,

Ryan

Few things to check
Do you use any other exchanges besides Bittrex, were they compromised?

Were you and everyone else running Linux Mint?
If so what version, it may have been that earlier versions were also infected and no one caught it.
Did you confirm the checksum when you downloaded the original ISO?
(If the checksum of your ISO does not match, odds are that was your infection point.)

Is your PC connected directly to a Cable or DSL modem, with no hardware Firewall in-between?

What new software have you downloaded in the past week or so?

 Cool
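
The ISO checksum check suggested in the post above, as an added example that is not part of the original thread: it parses a `sha256sum`-style manifest and reports whether a downloaded image matches, does not match, or is not listed. The file name `example-distro.iso` and all byte contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  name' or '<64 hex> *name'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        # Ignore anything that is not a full 256-bit hex digest.
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            entries[os.path.basename(name)] = digest
    return entries

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so multi-gigabyte images do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_iso(iso_path, manifest_text):
    """Return 'match', 'mismatch' or 'not-listed' for the given image."""
    expected = parse_manifest(manifest_text).get(os.path.basename(iso_path))
    if expected is None:
        return "not-listed"  # no entry is not the same as a pass
    ok = hmac.compare_digest(sha256_file(iso_path), expected)
    return "match" if ok else "mismatch"

def demo():
    # Constructed stand-in for a downloaded image and its published manifest.
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example-distro.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed ISO bytes")
        good = hashlib.sha256(b"constructed ISO bytes").hexdigest()
        manifest = f"{good} *example-distro.iso\n"
        results = [verify_iso(iso, manifest)]
        with open(iso, "ab") as f:
            f.write(b"!")  # one extra byte simulates a modified image
        results.append(verify_iso(iso, manifest))
        results.append(verify_iso(iso, "deadbeef  other.iso\n"))
        return results

if __name__ == "__main__":
    print(demo())
```

A matching checksum only proves the image matches the manifest, so the manifest itself has to come from a source an attacker who replaced the ISO could not also have replaced, for example by checking the distribution's signature on the checksum file.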

legendary
Activity: 1288
Merit: 1000
Just got this reply from bittrex: 

 Ryan Hentz (Bittrex)

Apr 2, 19:51

Hi,

We have looked into multiple accounts that were hacked in the same way as yours. All of the orders placed on these hacked accounts were done so from the users' own machines as we have login data that shows this. The attacker also immediately withdrew the stolen funds via the api. The attacker seems to also be using a VPN as their account has lots of different ip's for the login.

Have you installed any wallet software within the past couple of days? Another one of the users said they had installed some items and even saw that the attacker cleared their log files (they were on linux), it could even be something like a browser extension. Any changes to the system....

Thank you,

Ryan
full member
Activity: 166
Merit: 100
it wasn't random.. you were targeted but by whom?

First guys i would suspect are Bittrex staff.. but i doubt they are behind it.
But IT is possible !

And if you use similar passwords on other sites then i bet one of the other sites staff targeted you.
See how these places can not be trusted?

Or you got nailed with a keylogger maybe.. they get posted here occasionally in wallets.
downloading any sketchy altcoin wallets?

If my password was compromised Bittrex would be getting blamed.
I use Password Depot to generate complicated & advanced 24 char random passwords.
So no one is going to guess it..

PS:
Watch out for ransomware guys.. they are on pretty much all OS's these days now. (even Mac's)

Good advice!!

Also, I read a story on a hacker; he said that if ppl use passwords that auto complete, the kind in keychains, then you don't type in the passwords and key loggers never see what you're typing.

Even with my 2fa I wait till the last second to type them in in case I'm being logged.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
it wasn't random.. you were targeted but by whom?

First guys i would suspect are Bittrex staff.. but i doubt they are behind it.
But IT is possible !

And if you use similar passwords on other sites then i bet one of the other sites staff targeted you.
See how these places can not be trusted?

Or you got nailed with a keylogger maybe.. they get posted here occasionally in wallets.
downloading any sketchy altcoin wallets?

If my password was compromised Bittrex would be getting blamed.
I use Password Depot to generate complicated & advanced 24 char random passwords.
So no one is going to guess it..

PS:
Watch out for ransomware guys.. they are on pretty much all OS's these days now. (even Mac's)