Pages:
Author

Topic: Multiple Bittrex accounts hacked everyone enable 2fa - page 5. (Read 22359 times)

newbie
Activity: 8
Merit: 0
   Sounds more like money laundering, then them trying to steal your coins.  It would be interesting to see what account was at the other end of most of those trades. 

BTC from my account were withdrawn to these adresses:

April 2nd    1HUznZ7QibU6TgjPzEU5aioBDPBST9sojc
April 1st    1AhoUxM2MyNrBzRb6Y51WZHS1y9rzYtgro
newbie
Activity: 8
Merit: 0
Bittrex is monitoring this thread, they say my computer is compromised, and that is not so. My bittrex account and mail were compromised, but still I haven't recieved IP adresses used for login on April 1st and 2nd.

They are refusing to take any responsibility in terms of bad security and refunding mere 0.2 BTC, although they should have forced use od 2fa, not leaving it as a option. Furthermore, talking about security, they unlocked my account's 2fa after just one email, so even if I had used 2fa, if my mail was hacked, bittrex account could have been not only hacked but unlocked by staff.

Also, they haven't announced how many accounts were hacked.

Looking at many coin price charts, there is evident and huge price drop on April 1st, so it must be huge amount of coins, which can't come from a handfull of accounts. This must be something going on on a big scale.

They are making fools of themselves for cheap. Classic assholes.

I don't care about 0,2 BTC and bloody bittrex, but it's thing of principles.

legendary
Activity: 1007
Merit: 1000
No, no no!

That was not my money.

I had ~4000 FTC and 0.1 BTC there.

Somehow with those transactions they made 50 BTC and took them away.

They enabled 2fa so they can withdraw without mail confirmation, and I can't login to stop them.

Bittrex security=0

   Sounds more like money laundering, then them trying to steal your coins.  It would be interesting to see what account was at the other end of most of those trades. 
hero member
Activity: 574
Merit: 500
No, no no!

That was not my money.

I had ~4000 FTC and 0.1 BTC there.

Somehow with those transactions they made 50 BTC and took them away.

They enabled 2fa so they can withdraw without mail confirmation, and I can't login to stop them.

Bittrex security=0

It is clear that your email and or entire computer is compromised.  You mentioned that you noticed a strange IP login to your email account.  The only way they can turn on 2FA is if you verify it through email, which they did.  This has nothing to do with Bittrex security.

Ryan @ Bittrex
newbie
Activity: 8
Merit: 0
No, no no!

That was not my money.

I had ~4000 FTC and 0.1 BTC there.

Somehow with those transactions they made 50 BTC and took them away.

They enabled 2fa so they can withdraw without mail confirmation, and I can't login to stop them.

Bittrex security=0
full member
Activity: 225
Merit: 100
..HOLY SHIT!!!..

I imagine what you're feeling now, man
I hope this isn't all your life savings, as it was for me
newbie
Activity: 8
Merit: 0
They reset 2fa, I managed to enter my account

HOLY SHIT!!!

All my funds (FTC and BTC) were used in about 715 transactions with various coins: apex, arb, uro, smbr, kore, tron, grs, lxc, excl, tri, ybc, xdq, root, ftc, lxc and xqn, in period April 1st-April 2nd.

Here is transaction history: https://drive.google.com/file/d/0BzKo9AFn9Gq-TThiQXdzSG5zZnM/view?usp=sharing

In the same period 30 BTC withdrawals occured, and total of about 50 BTC were withdrawn!!!!

I had about 4000 FTC and 0,1 BTC before all that.

How they made 50 BTC?!

Now I'm left with 600 FTC in stuck wallet, 0.49 YBC, 11.8 SHF and 113.6 APEX.
newbie
Activity: 8
Merit: 0
I haven't found any confirmation message in my inbox, but, strange, in history of mail client (yahoo) saw one unusual login at 01/04/2016 from strange IP adress, at the time I was at work. Also, no emails about failed login attempts due to loss of 2fa code.

All withdrawals from bittrex were in unusual time of day, when I sleep (12PM-6AM) or work (7AM-2PM), all times listed are UTC, my time is 2 hours more:

1. 96d4871660...   1140320   2016-03-23 07:47:59   (337)   3168.073   FTC   
2. 49070b78b9...   1145748   2016-03-27 06:11:01   (727.256)   2891.217   FTC 
3. 2aa6fa781d...   1148866   2016-03-29 12:18:35   (150.3)   2890.917   FTC 
4. 47ce3e6709...   1152859   2016-04-01 09:32:21   (150.4)   3040.817   FTC
5. fd92b04175...   1161352   2016-04-07 13:28:55   (351.608)   3139.509   FTC

If 2fa is enabled, does every withdrawal need email confirmation? I'd like to see login info from bittrex staff.
hero member
Activity: 843
Merit: 1004
Yes, I have, but no reply yet.

So, he managed to withdraw funds w/o confirmation message?  Huh Shocked
newbie
Activity: 8
Merit: 0
Yes, I have, but no reply yet.
hero member
Activity: 843
Merit: 1004
I have similar problem with bittrex account hacking.

2fa was disabled.

I haven't logged couple days and when I tried to login today, I was asked to enter 2fa code, which, obviosly, I don't have.

Looking at transactions from my FTC wallet in explorer, I noticed payout of ~350 FTC on 07/04/2016 and two times ~150 FTC day or two before, which I havent initiated nor approved.

Now I can't login to my account nor withdraw ~4000 FTC and 0,1 BTC I have.

Also, FTC wallet on bittrex is in maintenance mode now, and BTC market also is blocked.

Something big is happening.

Have you submitted a ticket?
newbie
Activity: 8
Merit: 0
I have similar problem with bittrex account hacking.

2fa was disabled.

I haven't logged couple days and when I tried to login today, I was asked to enter 2fa code, which, obviosly, I don't have.

Looking at transactions from my FTC wallet in explorer, I noticed payout of ~350 FTC on 07/04/2016 and two times ~150 FTC day or two before, which I havent initiated nor approved. That is all available funds over funds that were reserved in trading order.

Now I can't login to my account nor withdraw ~4000 FTC and 0,1 BTC I have.

Also, FTC wallet on bittrex is in maintenance mode now, and BTC market also is blocked, no trading since 07/04/2016.

Something big is happening.
full member
Activity: 225
Merit: 100
Richie, I would have asked to give the information about how the stolen funds had been withdrawn, on what e-mail, on what bitcoin addresses and generally as much information about this account
hero member
Activity: 843
Merit: 1004
I have hardly played quiet... i've been in here every day trying to help figure out how < 10 accounts got compromised;  but at this point, it is not productive nor a good use of my time.  Feel free to have the authorities contact us.
thanks,
richie

Could you please tell me how exactly you did this, except sending everyone logs with the same info?

Allright, you say that you guys are experts in security.

First you say that all IPs were known and usual for the users, while even in the logs it shows as Unknown IP.
So, after TWO DAYS you said that you were mistaken and IPs were unknown.

First you say that there were multiple accounts hacked, and then you say it was a couple, now you say you don't care, because less than 10 accounts got compromised. You would feel better, if we would be talking about 1000+ accounts?

I guess I shoud repeat my questions here:

How many accounts compromised out there? Is that multiple or a couple?
Do these accounts have anything in common except absence of 2fa?
Are all the accounts of the attacker are new or he used some old accounts?
Are all the IPs of the attacker are different each time?
What coins and exact BTC/alts addresses were used to withdraw the funds?
Why in your opinion only Bittrex accounts were compromised?

Now, the most important question:
Why you haven't enforced 2fa, haven't published any alerts, or introduced email notifications on each login/trade?

When people say you played quiet, they mean that you did nothing to prevent more people from loosing their money.
No announcements, no alerts, no e-mail notifications... Nothing!

Have you put your exchange into maintenance mode or paused the trades? No!
Why? Because I guess you care more about your profits, not people!

You were silently watching people being robbed all these days Shocked

That's all I wanted to say about it.


Firstly, please stop trying to generate fud; its completely unproductive.  If our servers were compromised, there are way easier ways to get your money out.  It doesn't make any sense. What I can tell you is that there have been multiple accounts hacked with the same pattern, all within the last 48 hours.  I can also tell you that none of the affected accounts had logins from suspicious or unknown IPs which leads us to believe it is a rooted machine vs credential lost.  Lastly, this isn't specific to an OS based on the UA strings we've seen which points to some kind of browser plugin/toolbar.   Please crowdsource this to figure out commonalities and please turn on 2fa if you do not have it on.
Thanks
richie@bittrex

Looks like i was mistaken... after a couple ticket responses and going back further in some cases... there have been login from IPs unknown. Please focus on finding a common denominator to these attacks.
richie@bittrex

2) Your logic about malware is flawed.  Do you think if any of our servers were compromised in any way, all you would see is a couple of non-2fa'd account drained using a bad trading method?  It doesn't make sense.

3) Lastly, I am not calling our users noobs, but we collectively are the experts here when it comes to security and how exchanges work.  I'm not sure how anyone can claim something different when it comes to how an exchange works.  I also get paid to do security for a living - I assert, rightly or wrongly, I do know more about this topic than most people. 

When faced with a problem, the most obvious answer is usually the right one once you have ruled out the others.  Instead wasting our time with this entire line of discussion, I'd rather have users figure out what the common denominator is and narrow down what caused this.  There's an obvious pattern;  i'd like to find it.

-richie@bittrex
hero member
Activity: 937
Merit: 1000
More accounts hacked, this should concern the whole crypto community.

As one of the largest exchanges has had a massive security breach.

We need to get the word out to as many crypto traders as possible.

Richie has no clue, or is covering up, this is really sad indeed.

I hope there's not more people that have had their hard earned funds stolen from them.

I asked richie in the destiny slack channel if he had any news on who hacked our accounts, and he told me I should report it to proper authorities.

Truely sad as he won't admit that the attackers found a way into his system, and won't admit any liability at all, it's quite clear that this was not a local machine hack, but a bittrex hack.


We know exactly what happened - you lost your credentials.

I told you to report it to the authorities because I can't release information about other accounts to you because of our privacy policy.  Attackers compromised your account which nothing to do with our system.  Please get your fact straight because i'm sure that it makes more sense that bittrex got hacked and it only affected a handful of accounts instead of you being compromised.

richie


@richie,
The reason you should report it , is that
1. It is more than one person.
2. Only your Exchange seemed to be Targeted.
3. The Users have no evidence exactly who stole the funds, in fact if they do contact the Authorities, they can just as easily list you as the thief since they do not know for 100% what happened.
4. You will have to speak with the authorities any way, when they request the log information
5. You just made yourself look guilty , by trying to play quiet.

But since you said no you would not ,
Ok all of you that funds are missing

Contact https://www.ic3.gov/complaint  , and report Bittrex for your funds being lost.
Or
All contact a Lawyer Jointly and file a Civil Suit against the exchange.
Bittrex LLC is a limited liability corporation formed and operated out of Las Vegas, Nevada.
Bittrex LLC
6077 S. Ft. Apache Rd
Suite 100
Las Vegas, NV 89148

Good Luck to Both of You.

 Cool

I have hardly played quiet... i've been in here every day trying to help figure out how < 10 accounts got compromised;  but at this point, it is not productive nor a good use of my time.  Feel free to have the authorities contact us.

thanks,
richie
legendary
Activity: 1092
Merit: 1000
More accounts hacked, this should concern the whole crypto community.

As one of the largest exchanges has had a massive security breach.

We need to get the word out to as many crypto traders as possible.

Richie has no clue, or is covering up, this is really sad indeed.

I hope there's not more people that have had their hard earned funds stolen from them.

I asked richie in the destiny slack channel if he had any news on who hacked our accounts, and he told me I should report it to proper authorities.

Truely sad as he won't admit that the attackers found a way into his system, and won't admit any liability at all, it's quite clear that this was not a local machine hack, but a bittrex hack.


We know exactly what happened - you lost your credentials.

I told you to report it to the authorities because I can't release information about other accounts to you because of our privacy policy.  Attackers compromised your account which nothing to do with our system.  Please get your fact straight because i'm sure that it makes more sense that bittrex got hacked and it only affected a handful of accounts instead of you being compromised.

richie


@richie,
The reason you should report it , is that
1. It is more than one person.
2. Only your Exchange seemed to be Targeted.
3. The Users have no evidence exactly who stole the funds, in fact if they do contact the Authorities, they can just as easily list you as the thief since they do not know for 100% what happened.
4. You will have to speak with the authorities any way, when they request the log information
5. You just made yourself look guilty , by trying to play quiet.

But since you said no you would not ,
Ok all of you that funds are missing

Contact https://www.ic3.gov/complaint  , and report Bittrex for your funds being lost.
Or
All contact a Lawyer Jointly and file a Civil Suit against the exchange.
Bittrex LLC is a limited liability corporation formed and operated out of Las Vegas, Nevada.
Bittrex LLC
6077 S. Ft. Apache Rd
Suite 100
Las Vegas, NV 89148

Good Luck to Both of You.

 Cool
hero member
Activity: 937
Merit: 1000
More accounts hacked, this should concern the whole crypto community.

As one of the largest exchanges has had a massive security breach.

We need to get the word out to as many crypto traders as possible.

Richie has no clue, or is covering up, this is really sad indeed.

I hope there's not more people that have had their hard earned funds stolen from them.

I asked richie in the destiny slack channel if he had any news on who hacked our accounts, and he told me I should report it to proper authorities.

Truely sad as he won't admit that the attackers found a way into his system, and won't admit any liability at all, it's quite clear that this was not a local machine hack, but a bittrex hack.


We know exactly what happened - you lost your credentials.

I told you to report it to the authorities because I can't release information about other accounts to you because of our privacy policy.  Attackers compromised your account which nothing to do with our system.  Please get your fact straight because i'm sure that it makes more sense that bittrex got hacked and it only affected a handful of accounts instead of you being compromised.

richie

legendary
Activity: 1288
Merit: 1000
More accounts hacked, this should concern the whole crypto community.

As one of the largest exchanges has had a massive security breach.

We need to get the word out to as many crypto traders as possible.

Richie has no clue, or is covering up, this is really sad indeed.

I hope there's not more people that have had their hard earned funds stolen from them.

I asked richie in the destiny slack channel if he had any news on who hacked our accounts, and he told me I should report it to proper authorities.

Truely sad as he won't admit that the attackers found a way into his system, and won't admit any liability at all, it's quite clear that this was not a local machine hack, but a bittrex hack.




 
hero member
Activity: 843
Merit: 1004
What worries me that the bittrex people still have no clue as to what happened, the flaw or hack is most likely still open for abuse.

If anything does go wrong with your account, YOU ARE ON YOUR OWN!

Bittrex in no way will except any liability at all.


https://bitcointalksearch.org/topic/m.14402160

Seems my account has been hacked.
Unique password, only existing in my head.

Coins seem to be dumped and then the hacker bought YBC and dumped them to himself for a low price because he couldn't withdraw...

AMP and RBR both gone...

Fuck...

It cant be that good password if he guessed it or he had a keylogger on your computer. You should use 2FA to protect you from this.

Haven't typed the password in over a year, was cached in browser.
Scanned my PC with every available tool (+ is protected by ESET) but no keylogger found

Password was unique for Bittrex and 14 characters long (random generated).

But 2FA was not setup...

my account is the same... password 12 characters with big small letters and numbers...
2FA not setted too Sad

is there some way to get contact with some bittrex support ? i like to see login history.

legendary
Activity: 1288
Merit: 1000
What worries me that the bittrex people still have no clue as to what happened, the flaw or hack is most likely still open for abuse.

If anything does go wrong with your account, YOU ARE ON YOUR OWN!

Bittrex in no way will except any liability at all.
Pages:
Jump to: