Pages:
Author

Topic: Multiple Bittrex accounts hacked everyone enable 2fa - page 11. (Read 22359 times)

full member
Activity: 168
Merit: 100
but to check first of course check your last skype contacts, any remote access users youve allowed. 

I cannot see brute forcing bittrex a possibility.   even if  they had your username somehow.   spoofing the site would be much easier, so if that's the case then others should be aware of a fake bittrex site.
full member
Activity: 168
Merit: 100
hello.  im sorry about your coins.  id like to ask.  do you have teamviewer, vnc or skype installed in your computers?
it sounds like the attacks may have been local?

also have you installed https everywhere from eff? it is possible a browser or spoof attack

I have skype installed. Do you know any hacks that can be used on skype?

No I don't have https everywhere, I used to.

yes skype reveals ip.   do you use standard isp password too? also yes if not forcing ssl you could have got browser spoofed.

  lol and yes bitcointalk has been hacked many times with all the info dumped.. dont use any monetary account related email username or password here id say
legendary
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
Someone might have got your email and he might be bruteforcing manually. I don't know if there is any tool which can be used to bruteforce forms with captcha.

There are email lists for bitcoiners - when Cryptsy was dying, I got a phishing email, but it was to an old email address that I'd had at Mintpal not the email address I actually used at Cryptsy. So i knew they hadn't been hacked. I'm pretty sure that people with accounts at mtgox are on a list somewhere too. If the password you are using is similar, then they probably tried a variation of that.

I forgot about craptsy, my passwords are very similar.


Remember that bitcointalk got hacked a while back too. If you are using the same email and a similar password here too, that that could be how they got in.

I know you said you have changed your passwords, but it might be worth using a different email as well. And having completely different passwords for each exchange you use.
legendary
Activity: 1288
Merit: 1000
hello.  im sorry about your coins.  id like to ask.  do you have teamviewer, vnc or skype installed in your computers?
it sounds like the attacks may have been local?

also have you installed https everywhere from eff? it is possible a browser or spoof attack

I have skype installed. Do you know any hacks that can be used on skype?

No I don't have https everywhere, I used to.
legendary
Activity: 1288
Merit: 1000
Someone might have got your email and he might be bruteforcing manually. I don't know if there is any tool which can be used to bruteforce forms with captcha.

There are email lists for bitcoiners - when Cryptsy was dying, I got a phishing email, but it was to an old email address that I'd had at Mintpal not the email address I actually used at Cryptsy. So i knew they hadn't been hacked. I'm pretty sure that people with accounts at mtgox are on a list somewhere too. If the password you are using is similar, then they probably tried a variation of that.

I forgot about craptsy, my passwords are very similar.
full member
Activity: 168
Merit: 100
hello.  im sorry about your coins.  id like to ask.  do you have teamviewer, vnc or skype installed in your computers?
it sounds like the attacks may have been local?

also have you installed https everywhere from eff? it is possible a browser or spoof attack
legendary
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
Someone might have got your email and he might be bruteforcing manually. I don't know if there is any tool which can be used to bruteforce forms with captcha.

There are email lists for bitcoiners - when Cryptsy was dying, I got a phishing email, but it was to an old email address that I'd had at Mintpal not the email address I actually used at Cryptsy. So i knew they hadn't been hacked. I'm pretty sure that people with accounts at mtgox are on a list somewhere too. If the password you are using is similar, then they probably tried a variation of that.
hero member
Activity: 1036
Merit: 501
Shit!
You lost 8 BTC.

Setting up 2FA on all of my accounts.
legendary
Activity: 1288
Merit: 1000
Most likely a browser exploit but Mint linux was hacked a while back and a compromised iso was downloaded for a day or two.

http://www.pcworld.com/article/3035682/security/hackers-planted-a-backdoor-inside-a-compromised-version-of-linux-mint.html

My copy pre dates Feb 20th.

legendary
Activity: 1090
Merit: 1000
Most likely a browser exploit but Mint linux was hacked a while back and a compromised iso was downloaded for a day or two.

http://www.pcworld.com/article/3035682/security/hackers-planted-a-backdoor-inside-a-compromised-version-of-linux-mint.html
legendary
Activity: 1288
Merit: 1000
Someone might have got your email and he might be bruteforcing manually. I don't know if there is any tool which can be used to bruteforce forms with captcha.

I changed my password on my email just for good measure.
legendary
Activity: 1288
Merit: 1000
Sorry to hear this happened  Sad That is a lot of btc.  This is a great reminder to everyone and myself to do 2F whenever offered.

Yeah man, I wouldn't sleep for 2 weeks if I have lost that much BTC.

leigh2k14,
You said you used to compile wallets from source, is that on windows or linux?

Linux mint.
I thought Linux is a free operating system from Trojan or keylogger or any similar hacking virus ?
is that possible Huh??

If a key logger was used, they would only be able to install in my home folder, the rest of the OS needs root privileges.
hero member
Activity: 714
Merit: 500
IF YOU Enjoy Trade with ME ..PUT Feedback Please
Sorry to hear this happened  Sad That is a lot of btc.  This is a great reminder to everyone and myself to do 2F whenever offered.

Yeah man, I wouldn't sleep for 2 weeks if I have lost that much BTC.

leigh2k14,
You said you used to compile wallets from source, is that on windows or linux?

Linux mint.
I thought Linux is a free operating system from Trojan or keylogger or any similar hacking virus ?
is that possible Huh??
legendary
Activity: 938
Merit: 1000
Sorry to hear this happened to you. Yeah, 2FA is a MUST. But if you do have a keylogger you should probably get Spyshelter and then change all your passwords using a manager like Lastpass.
sr. member
Activity: 295
Merit: 250
Someone might have got your email and he might be bruteforcing manually. I don't know if there is any tool which can be used to bruteforce forms with captcha.
legendary
Activity: 2282
Merit: 1041
has this something to do with easy passwords? is your password easy to predict?

I hate setting up 2FA actually mobile isn't my thing. I wouldn't mind if I getto login to the site regularly but if not, I would simply avoid setting it up.
I don't login much to my bittrex account i just login in there once and got out since I prefer to buy coins on polo.
legendary
Activity: 1288
Merit: 1000
Have you logged into your Bittrex account from any other PC which you don't own?

No.
legendary
Activity: 1288
Merit: 1000
I have never heard of a keylogger existing on Linux, maybe there is, I am not an expert. If you are using a complicated and unique password, bruteforcing would be difficult and also Bittrex uses captcha for every login, so brute-forcing will also be very slow.


My password was only eight characters, one uppercase and two numbers.

Not the best.
sr. member
Activity: 295
Merit: 250
Have you logged into your Bittrex account from any other PC which you don't own?
sr. member
Activity: 295
Merit: 250
I have never heard of a keylogger existing on Linux, maybe there is, I am not an expert. If you are using a complicated and unique password, bruteforcing would be difficult and also Bittrex uses captcha for every login, so brute-forcing will also be very slow.
Pages:
Jump to: