Topic: Multiple Bittrex accounts hacked everyone enable 2fa - page 3. (Read 22334 times)
Thanks for explaining this.
I don't understand how a bittrex account got hacked while the email box was not touched because before you can withdraw funds, you have to approve the withdrawal from a link sent into your mail box. So how did the hacker withdraw without getting approval via that link? 
That's a good question. Also interested in this.
I don't understand how a bittrex account got hacked while the email box was not touched because before you can withdraw funds, you have to approve the withdrawal from a link sent into your mail box. So how did the hacker withdraw without getting approval via that link?
Mine and another member of this forum have been hacked today, I lost 8BTC worth of alts, i'm not sure how much CosaNostra lost.
https://bitcointalksearch.org/topic/m.14399775
And before you ask, no I did not have 2fa set up (lesson learned).
Have any others been hacked?
Thanks for reminders mate I already have an account there but not just big amount on my account , but still want to make sure money would be safe so I open my 2fa now. https://bitcointalksearch.org/topic/m.14399775
And before you ask, no I did not have 2fa set up (lesson learned).
Have any others been hacked?
I dont understand why people dont use 2fa. It takes only a few minutes to set up and it can save you from total losses. Fucking incredible
In fact they are always saying lesson learned if they already experienced huge losses because of their negligence.Setting 2fa isnt really a hard thing to do which is always been putted by most trading platforms and wallets. Some people will put up 2fa because they are afraid to lose up money and while others dont mind because they know that someone cant get their password but we all know that in online world less security is vulnerable always on hacks. 
I dont understand why people dont use 2fa. It takes only a few minutes to set up and it can save you from total losses. Fucking incredible
Its not save with Bittrex, my account was hacked too.
Password: uniqe to Bittrex!
No 2-factor auth.
No other compromised account, no hacked e-mail as i know.
Using linux on all systems.
Lost about 7 BTC in AMP and XMR.
Bittrex: no help.
Insider Job?
What i have learned (very old advice): leave no money on exchanges!
For your information:
then they did this transactions:
Password: uniqe to Bittrex!
No 2-factor auth.
No other compromised account, no hacked e-mail as i know.
Using linux on all systems.
Lost about 7 BTC in AMP and XMR.
Bittrex: no help.
Insider Job?
What i have learned (very old advice): leave no money on exchanges!
For your information:
Code:
Login Time: 10/21/2016 06:50
IP Address: 2a03:b0c0:0003:00d0:0000:0000:1c0e:d001
User Agent: Mozilla/5.0 (Microsoft Windows NT 6.2.9200.0); rv:22.0) Gecko/20130405 Firefox/22.0
then they did this transactions:
Code:
Closed Date Opened Date Market Type Bid/Ask Units Filled Units Total Actual Rate Cost / Proceeds
10/21/2016 02:28:32 PM 10/21/2016 02:28:25 PM BTC-SLING Limit Sell 0.00003600 317.04699022 317.04699022 0.00003599 0.01138516
10/21/2016 02:28:15 PM 10/21/2016 02:28:15 PM BTC-SLING Limit Buy 0.00006900 317.04699022 317.04699022 0.00006899 -0.02193093
10/21/2016 02:27:57 PM 10/21/2016 02:27:48 PM BTC-SLING Limit Sell 0.00003600 610.71547174 610.71547174 0.00003599 0.02193079
10/21/2016 02:27:32 PM 10/21/2016 02:27:32 PM BTC-SLING Limit Buy 0.00006900 610.71547174 610.71547174 0.00006899 -0.04224470
10/21/2016 02:26:56 PM 10/21/2016 02:26:48 PM BTC-SLING Limit Sell 0.00003400 1245.59679507 1245.59679507 0.00003399 0.04224442
10/21/2016 02:26:38 PM 10/21/2016 02:26:38 PM BTC-SLING Limit Buy 0.00007100 1245.59679507 1245.59679507 0.00007099 -0.08865846
10/21/2016 02:26:03 PM 10/21/2016 02:25:53 PM BTC-SLING Limit Sell 0.00003333 2666.66581622 2666.66581622 0.00003332 0.08865778
10/21/2016 02:25:43 PM 10/21/2016 02:25:43 PM BTC-SLING Limit Buy 0.00007400 2666.66581622 2666.66581622 0.00007399 -0.19782660
10/21/2016 02:25:20 PM 10/21/2016 02:25:12 PM BTC-SLING Limit Sell 0.00003200 6197.52763099 6197.52763099 0.00003199 0.19782508
10/21/2016 02:24:59 PM 10/21/2016 02:24:58 PM BTC-SLING Limit Buy 0.00007100 6197.52763099 6197.52763099 0.00007099 -0.44112452
10/21/2016 02:24:37 PM 10/21/2016 02:24:25 PM BTC-SLING Limit Sell 0.00003200 13819.57341100 13819.57341100 0.00003199 0.44112078
10/21/2016 02:24:14 PM 10/21/2016 02:24:13 PM BTC-SLING Limit Buy 0.00007500 13819.57341100 13819.57341100 0.00007499 -1.03905917
10/21/2016 02:23:54 PM 10/21/2016 02:23:44 PM BTC-SLING Limit Sell 0.00003050 17253.62103694 17253.62103694 0.00003049 0.52491986
10/21/2016 02:23:21 PM 10/21/2016 02:23:21 PM BTC-SLING Limit Buy 0.00007500 17253.62103694 17253.62103694 0.00007499 -1.29725662
10/21/2016 02:22:53 PM 10/21/2016 02:22:44 PM BTC-SLING Limit Sell 0.00003056 17253.62103694 17253.62103694 0.00003055 0.52595248
10/21/2016 02:22:27 PM 10/21/2016 02:22:27 PM BTC-SLING Limit Buy 0.00007500 17253.62103694 17253.62103694 0.00007499 -1.29714334
10/21/2016 02:22:07 PM 10/21/2016 02:22:01 PM BTC-SLING Limit Sell 0.00003012 17153.62103694 17153.62103694 0.00003011 0.51537540
10/21/2016 02:21:43 PM 10/21/2016 02:21:43 PM BTC-SLING Limit Buy 0.00007500 17153.62103694 17153.62103694 0.00007499 -1.28973785
10/21/2016 02:21:30 PM 10/21/2016 02:21:24 PM BTC-SLING Limit Sell 0.00003011 17102.42451400 17102.42451400 0.00003010 0.51366662
10/21/2016 02:21:11 PM 10/21/2016 02:21:11 PM BTC-SLING Limit Buy 0.00007500 17102.42451400 17102.42451400 0.00007496 -1.28526196
10/21/2016 02:20:32 PM 10/21/2016 02:19:38 PM BTC-SLING Limit Sell 0.00003050 10614.87137900 10614.87137900 0.00003049 0.32294420
10/21/2016 02:19:49 PM 10/21/2016 02:19:48 PM BTC-AMP Limit Sell 0.00025800 7208.75669560 7208.75669560 0.00025909 1.86309939
10/21/2016 02:19:24 PM 10/21/2016 02:19:24 PM BTC-SLING Limit Buy 0.00007500 10614.87137900 10614.87137900 0.00007494 -0.79747907
10/21/2016 02:18:50 PM 10/21/2016 02:18:43 PM BTC-SLING Limit Sell 0.00003050 10899.80840078 10899.80840078 0.00003049 0.33161305
10/21/2016 02:18:34 PM 10/21/2016 02:18:34 PM BTC-SLING Limit Buy 0.00007500 10899.80840078 10899.80840078 0.00007499 -0.81952932
10/21/2016 02:18:12 PM 10/21/2016 02:18:07 PM BTC-SLING Limit Sell 0.00003050 10870.23084700 10870.23084700 0.00003049 0.33071319
10/21/2016 02:17:56 PM 10/21/2016 02:17:56 PM BTC-SLING Limit Buy 0.00007500 10870.23084700 10870.23084700 0.00007498 -0.81712997
10/21/2016 02:17:23 PM 10/21/2016 02:17:15 PM BTC-SLING Limit Sell 0.00003050 10766.45894396 10766.45894396 0.00003049 0.32755605
10/21/2016 02:16:50 PM 10/21/2016 02:16:50 PM BTC-SLING Limit Buy 0.00007450 10766.45894396 10766.45894396 0.00007396 -0.79835343
10/21/2016 02:16:29 PM 10/21/2016 02:16:23 PM BTC-SLING Limit Sell 0.00003050 10067.47784451 10067.47784451 0.00003049 0.30629043
10/21/2016 02:16:11 PM 10/21/2016 02:16:11 PM BTC-SLING Limit Buy 0.00006541 5007.88935140 5007.88935140 0.00006540 -0.32838409
10/21/2016 02:16:00 PM 10/21/2016 02:16:00 PM BTC-SLING Limit Buy 0.00006535 5059.58849311 5059.58849311 0.00006534 -0.33146361
10/21/2016 02:15:05 PM 10/21/2016 02:14:56 PM BTC-SLING Limit Sell 0.00003000 5145.22682156 5145.22682156 0.00002999 0.15397091
10/21/2016 02:14:46 PM 10/21/2016 02:14:46 PM BTC-SLING Limit Buy 0.00006526 5145.22682156 5145.22682156 0.00006519 -0.33630585
10/21/2016 02:14:20 PM 10/21/2016 02:14:14 PM BTC-SLING Limit Sell 0.00003000 5144.91112403 5144.91112403 0.00002999 0.15396147
10/21/2016 02:13:57 PM 10/21/2016 02:13:39 PM BTC-SLING Limit Buy 0.00006400 4351.91052082 4500.00000000 0.00006395 -0.27901762
10/21/2016 02:13:21 PM 10/21/2016 02:13:21 PM BTC-SLING Limit Buy 0.00006540 793.00060321 793.00060321 0.00005994 -0.04765391
10/21/2016 02:12:41 PM 10/21/2016 02:12:35 PM BTC-SLING Limit Sell 0.00003000 4297.17680816 4297.17680816 0.00002999 0.12859302
10/21/2016 02:12:21 PM 10/21/2016 02:12:21 PM BTC-SLING Limit Buy 0.00006526 1022.23344507 1022.23344507 0.00005999 -0.06148439
10/21/2016 02:11:37 PM 10/21/2016 02:11:36 PM BTC-SLING Limit Buy 0.00006526 3274.94336309 3274.94336309 0.00004500 -0.14774848
10/21/2016 02:11:20 PM 10/21/2016 02:11:19 PM BTC-XMR Limit Sell 0.01019861 484.15670224 484.15670224 0.01030000 4.97434709
Fuck, I got hacked too, how is it possible, that so much Bittrex accounts get hacked.
My password stoped working, so I reset it and 10min. ago I saw everything is gone.
No 2fa because i´m retarded.
My E-Mail Accounts got hacked too, changed all the passwords, the amound of hacking attacks and
spam mails is getting ridiculous, don´t know what to do about that.
My password stoped working, so I reset it and 10min. ago I saw everything is gone.
No 2fa because i´m retarded.
My E-Mail Accounts got hacked too, changed all the passwords, the amound of hacking attacks and
spam mails is getting ridiculous, don´t know what to do about that.
Well if your email accounts got hacked too, it is because you were using similar passwords across the board, and they got hold of one (either from your mtgox account or your mintpal account) and used it as a base to figure out how to access your stuff.
Make sure you use completely different passwords for every single account you have.
your account is hack, your balance can refund is management bittrex or not,
your ready send ticket support or not,if ready ticket support what is answer response your ticket ?, balance refund or not
your ready send ticket support or not,if ready ticket support what is answer response your ticket ?, balance refund or not
Fuck, I got hacked too, how is it possible, that so much Bittrex accounts get hacked.
My password stoped working, so I reset it and 10min. ago I saw everything is gone.
No 2fa because i´m retarded.
My E-Mail Accounts got hacked too, changed all the passwords, the amound of hacking attacks and
spam mails is getting ridiculous, don´t know what to do about that.
My password stoped working, so I reset it and 10min. ago I saw everything is gone.
No 2fa because i´m retarded.
My E-Mail Accounts got hacked too, changed all the passwords, the amound of hacking attacks and
spam mails is getting ridiculous, don´t know what to do about that.
I was hacked too, 1.5 BTC is gone
I didn't use 2FA, my PC and phone are not compromissed
The password has Upper, lower case letters and numbers, I don't use the email to send messages or subscribe lists.
Here's a log, but this means nothing.
Login Time: 04/29/2016 12:26
IP Address:
79.150.204.10
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:46.0) Gecko/20100101 Firefox/46.0
IP Address:
87.120.46.145
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
IP Address:
94.227.131.175
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
I think bittrex should implement log in limitation by IP, so we can configure the account to accept only one or an IP range
I didn't use 2FA, my PC and phone are not compromissed
The password has Upper, lower case letters and numbers, I don't use the email to send messages or subscribe lists.
Here's a log, but this means nothing.
Login Time: 04/29/2016 12:26
IP Address:
79.150.204.10
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:46.0) Gecko/20100101 Firefox/46.0
IP Address:
87.120.46.145
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
IP Address:
94.227.131.175
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
I think bittrex should implement log in limitation by IP, so we can configure the account to accept only one or an IP range
I don't get the discussion about 2fa and Google. You also can use "WinAuth" and has nothing to do with Google. You can use it on a normal PC and not a phone. Also OP and the other victims mentioned that they didn't use 2fa. The intruder only used 2fa to get the API keys for his bot. The IP numbers are in the logfiles. But IP numbers doesn't say a thing, more....doesn't say anything.
The question stays how on earth did the intruder get the login info.
The question stays how on earth did the intruder get the login info.
Because this guy claimed his account was hacked and 2FA enabled to withdraw the stolen funds.
https://bitcointalksearch.org/topic/m.14482234
But to be honest , we have no 3rd party verification that anything that anyone has posted is true.
The victims must report the crime so it can be investigated.
What original phone number? This is a tablet that only has wifi. Maybe the IP address is stored, but there is no phone number to store.
So the only real question , is when are you guys that claimed to be robbed going to report this to the FBI, so we can get this show on the road.
I agree with you here. The victims must report the crime.
The Tablet's only link is the Google account to the 2fa, so any other device that also has accessed the same google account, such as any mobile phone # that checked a gmail registered to that google account can be cross referenced.
Example: If you ever checked your Gmail or access your Google account from a PC or cellphone that information was stored and can be cross referenced.
Google can tell exactly which device you are using each time.
But all our speculation here does nothing to actually catch the criminal.
The victims must report the crime.
I don't get the discussion about 2fa and Google. You also can use "WinAuth" and has nothing to do with Google. You can use it on a normal PC and not a phone. Also OP and the other victims mentioned that they didn't use 2fa. The intruder only used 2fa to get the API keys for his bot. The IP numbers are in the logfiles. But IP numbers doesn't say a thing, more....doesn't say anything.
The question stays how on earth did the intruder get the login info.
The question stays how on earth did the intruder get the login info.
I use Google authenticator, on my tablet, for Bittrex. My tablet doesn't have phone capabilities.
If you did it this way the original Phone # is stored with the account.
What original phone number? This is a tablet that only has wifi. Maybe the IP address is stored, but there is no phone number to store.
So the only real question , is when are you guys that claimed to be robbed going to report this to the FBI, so we can get this show on the road.
I agree with you here. The victims must report the crime.
I use Google authenticator, on my tablet, for Bittrex. My tablet doesn't have phone capabilities.
If you did it this way the original Phone # is stored with the account.
Quote
Use Google Authenticator on Multiple Devices
The Authenticator app is available for Android, iPhone, Windows Phone and BlackBerry mobile phones. If you however carry two or more of these devices, like an iPad and an Android mobile phone, you can configure the app such that same code is generated on all your devices. This is handy because you can then pick the one-time code either from your phone or the tablet for logging in.
The Authenticator app is available for Android, iPhone, Windows Phone and BlackBerry mobile phones. If you however carry two or more of these devices, like an iPad and an Android mobile phone, you can configure the app such that same code is generated on all your devices. This is handy because you can then pick the one-time code either from your phone or the tablet for logging in.
If you did it any other way then your Google Account is stored with a link to the 2FA account.
Which means Google can list every IP, including hot spots your tablet accessed, and maybe even the GPS coordinates in the tablet depending on the brand.
Also any Devices that have used that Google account can be cross referenced , Office/Home PC Internet IPs, & any Mobile Phones #.
(More Tracking that anything 1984 ever dreamed up.)
Any of which can be traced back to you if you used 2FA.
So the only real question , is when are you guys that claimed to be robbed going to report this to the FBI, so we can get this show on the road.
Dude, seriously bittrex and poloniex don't send anything to your damn phone. It is not SMS 2factor, they don't send you a text. Did you even read the link I posted? I guess at this point you are trolling because nobody is that stupid. I'm moving on and will avoid posts with you on them in the future. Not worth my time, I have money to lose in alt coins, ta ta.
Reading Comprehension is really not your strong suit.
Bittrex directly stated download Google Authenticator on your mobile device.
Good Bye,
Mr. Frighten Stalker
I use Google authenticator, on my tablet, for Bittrex. My tablet doesn't have phone capabilities.
Dude, seriously bittrex and poloniex don't send anything to your damn phone. It is not SMS 2factor, they don't send you a text. Did you even read the link I posted? I guess at this point you are trolling because nobody is that stupid. I'm moving on and will avoid posts with you on them in the future. Not worth my time, I have money to lose in alt coins, ta ta.
Reading Comprehension is really not your strong suit.
Bittrex directly stated download Google Authenticator on your mobile device.
Good Bye,
Mr. Frighten Stalker
Jump to: