Topic: Multiple Bittrex accounts hacked everyone enable 2fa - page 2. (Read 22334 times)

I received a message from Bittrex that my account has abnormal activity generated from an unknown IP address. I had it protected with 2FA so I don't know how it was possible. The fact that I'm only using one IP address made it a bit strange. Does anyone here also receive the same message or notification from Bittrex? I've sent all my balance to different wallets and disabled my account for the meantime, but I still plan to create another account with them in case this security issue is solved.

Aside from 2FA, I access websites that I frequently visit using my bookmarks, that way I don't have to Google for the site, I don't even click links from Facebook or emails that I receive specially if the given link has been shortened. I also dont access Bittrex or Poloniex using someone elses laptop, computer or smart phone, not even in a public internet cafe.

There is a fake bittrex website now when you google it?

This was the same thing with all those myetherwallets being hacked.
They went to the site after they google gave them the site with the 'net' at the end instead of the real site which is 'com'. 

I think it's the safest thing to do in you enable 2fa on your bittrex account especially now there are a lot who have been hacked. So to be safe and won't regret afterwards then better place a 2fa asap.

I guess you mail got compromised too.
Sry I´m a bit late

You can´t be paranoid enough with altcoins, enable every security feature you can.

Hi all!

I got hacked on 19th June too, around 1am. The hacker sold around 0.7btc of Altcoins to buy Bitcoin. 2FA was not enabled, I did it right now.
I don't understand something, I cannot see it in the login history.


The orders were sent around 1am, but nobody logged in during this 19th of June. How is this possible?


Any chance to recover these altcoins with Bitrex?

So i was not crazy after all. The same thing happened to me yesterday (19th June, 2017) night too (close to midnight) although i have 2FA enabled with a verified account. Yes i have 2FA enabled even as i write, unbelievable but it happened. I posted in a group to warn members of my plight so they atleast move their hard earned money to their offline wallets and they laughed at me, and blamed for my loss 🙁

I did some search and realized i was not the only one on that day. Check this out: http://highoncoins.com/cryptocurrency-trading-tips/do-not-use-two-factor-authenticatoin-with-bittrex/#comment-12347

I hope in the future Bittrex enables the possibilities of withdrawal confirmation emails even with 2FA, so at least one would stand a chance against the hacker if once email account is not already compromised. Such is the case in Perfect Money and Coinpayments

So my advice is to please keep your hard earned coins/btc offline esp those you are holding for long term and not trading with.

Thank you

NB:
please do not belittle my comments, call me names, call me a liar or worse and think or say to yourself "this will never happen to me". Ask me last week and i would have sung the same song. This hacking business is real and it could happen to you. 

People thought that they are invincible from those attack and they doesn't want to take the hassle setting up the 2fa feature in their account but if they where been hit and compromised then im pretty sure that they will add that feauture immediately. Same on what happens to me i never setted up my 2fa until i've been hacked by unknown guy who spread some bounties and asking our email to received his freakin freebies and the result of that he breached unto my bittrex account and learned so many things after that hack.

I've never been hacked, but always take the necessary precautions. 2FA is a no brainer, along with strong password security, also run MalwareBytes, they have the strongest detection engine and will usually catch the zero day stuff based on heuristics.

Now a days every exchange is facing same situation, so we have to care about your accounts by setting them with 2fa. We don't know exactly when fraud people will hack exchanges. So we have to be very careful and by setting 2fa.

Last night lot of strange things happened. In total about 168K of FTC, 17.5K VTC and bunch of other alts were stolen(destroyed) on bittrex from me. In total 11BTC worth.
All of this happened just after I applied for enhanced account verification, well maybe day after, and that is strangest thing.
Yes I didn't have 2FA, my bad but still I don't get what happened.
He didn't do any single withdraw, instead he was dumping my coins and buying them again at higher price. He was doing that for one hour, imagine that! before that he was logged in for 3 hours into my account doing nothing.
This could indicate buy - sell rotation and that in fact he was sending my coins over his bittrex account without withdrawing them then from there to send them over his account.
Final "sales" happened on ETH and REP.
Question is also this, how is possible that two persons can be logged in the same time to bittrex. Because I m always logged in, I didn't shut down my computer since last year, so keylogger or something is not an option. How is possible that someone could hack password who was unique and used only for bittrex. There is also captcha verification and he could pass it only if he had exact password, so brute force word list or something is also out of the question.
It started from:
then:
Tracking down Ip address is just waste of time nowdays...
 
In total 80 buy/sale requests over various coins.
Here is how it started:




Then there is how ended:




Again what was the point of this if this wasn't something I said earlier to transfer coins to his own bittrex account. This was purely to destroy them all. Any thoughts on this matter?

I bought a 2D barcode scanner on ebay. You can get them used for 20-50 bucks.  I created a 32 character password that is random gibberish, put it on a QR code, laminated it, and that's my lastpass password.   All of my website passwords are random gibberish created from GRC's random generator and I don't know any of my passwords (except forums, they are set up on a way where I can type them in). The ones for these exchanges are probably 15-20 characters long. An example password would be "S,!60$9RF.UN`_=0P  Lastpass fills them in so any fake websites the lastpass won't detect the site as valid.

2 factor is enabled on everything. The backup QR codes are stored in my safe deposit box. My lastpass recovery email address is a dedicated gmail account with it's own 32 character password, also protected by 2 factor authentication. I don't store that password on lastpass.   Basically everything is as secure as I would make it. To steal my shit they'd need my 2 factor authentication device, an old droid phone, my qr codes, stored in my wallet, along with my lastpass login email address, and they'd have to get all this and use it before I had a change to go and change the passwords.   I already have backup replacement passwords ready hidden in an undisclosed location of my house. Everything's as secure as I can make it.

Yeah, passwords leaks are everywhere on the internet now. If you don't have 2FA to secure your coins, you deserve to get hacked.

Did you got hacked just now ? this is an old thread but from what you posting it is appear you got hacked now ! did you have your 2fa on ? please explain more i have an account there .

Just had my account hacked too. No idea how it happened . The hacker logged in an hour after I did and tried to trade my account down

I just saw this thread. I lost BTC on Bittrex too when I inadvertently clicked on a site that looked like Bittrex after I had googled 'Bittrex'.

Basically I was phished, the login page looked exactly like the Bittrex login page and when I entered my PW and 2FA I noticed that the miscreant then also had access to my Bittrex account and had placed all of my altcoins on AutoSell, it was frightening watching all of my coins get sold by someone else in real time !.

I was lucky however, I just managed to insert my own BTC address from another exchange and transferred the resulting BTC to it before the miscreant could transfer them out, with less than a second to spare. I lost some BTC from the autoselling which sold my coins at a knock down price.

Of course, in hindsight I could have just blocked the account by clicking on the auto email sent when I logged in but I panicked and wasn't conscious of that option at that time.

That was a frightening experience and now I ALWAYS check that the exchange website is the correct one. I ALWAYS use the virtual keyboard in the OS, ALWAYS use 2FA and different PW's for all accounts, ALWAYS use a completely separate email for exchanges than for day to day correspondence.  Good luck out there, it's a dangerous world ! DD

Many people will start activating 2fa to their account after seeing your post, really very bad for those stupid who hacked. Many hardworking people used their mind to make some profits in trading, but these stupid people simply hacking account it is really unfair. Better send a support ticket to them atleast you will get back your account.

I have this version - I had an account on Crypsty with the same login and password. May be this database accounts from Crypsty came to bad guys?

request to the victims - you were on Crypsty with the same password?

Setup my Bittrex account with 2fa now, i just think email verification for withdrawal is secure but double safety for my account is the best way, i hope all member should understand about security, always make different password with another account/make uniqe, setup account email with phone number verification, use 2fa for all exchange account