Pages:
Author

Topic: Multiple Bittrex accounts hacked everyone enable 2fa - page 6. (Read 22359 times)

hero member
Activity: 843
Merit: 1004
Here is a sample e-mail I'm getting from Yobit:

"Yobit Mailer

Dear User!
Your account was logged in.

Login: User
IP: XXX.XX.XX.XX
Date: 05.04.2016 11:08

Sincerely yours,
Team of Yobit.Net"





full member
Activity: 126
Merit: 100
Linux mint ISO was replaced by a hacked intruded operating system a while ago. Check to ensure you're using hacker's Mint version. They may read your computer and try to hack it.
legendary
Activity: 1188
Merit: 1001
that's the sad reality indeed but now safex.io or https://bitsquare.io/ project will help , to decentralize exchanges no more third party risk at least if anything runs as it should.

All you need is 2FA and you will be safe guys what's do hard about this.

Sorry without Knowing exactly what happened , it is unknown if 2FA would make a difference in their cases.

Example : How many people did 2FA protect at Cryptsy,
Answer: No One.

 Cool

FYI:
2FA is just another layer in stopping someone from logging in,
If an Exchange security is Breached, the exchange operators have direct access to your coins, and your login security does not matter at all.
legendary
Activity: 1092
Merit: 1000
I made a small rhyme.

2fa all the way, 2fa all day. if you stray from 2fa its sure to be a very bad day!

Smiley

LOL,

Once there was a rhyme,
that 2fa could stop crime,

It was a story with no truth,
conceived by a man locked in a booth.
 Cheesy

 Cool
full member
Activity: 132
Merit: 100
I made a small rhyme.

2fa all the way, 2fa all day. if you stray from 2fa its sure to be a very bad day!

Smiley
legendary
Activity: 1092
Merit: 1000
How many banks or stock exchanges would you do business with , that lost your money and did not report it to law enforcement.
Because at the end of the day , the actual crime occurred on their virtual premises.


To me it's like losing your wallet and somehow find out that the money in it were used in one particular store. Then fill a lawsuit against that store, because they took the money.

Sorry your analogy is wrong,

it is more like you handed your wallet to your friend and when they handed it back, some of the cash was missing from it.
The Log information Bittrex has may be able to help determine the thief, refusing to hand that information over to Law Enforcement , means they did it or are an accomplice.
And just to be clear, I am not saying that, what I am saying is a 3rd party has to check out everyone's story to find the truth and the culprits.
But whoever refuses to call in that 3rd party (Law Enforcement) is hiding something.

 Cool
legendary
Activity: 1092
Merit: 1000
All you need is 2FA and you will be safe guys what's do hard about this.

Sorry without Knowing exactly what happened , it is unknown if 2FA would make a difference in their cases.

Example : How many people did 2FA protect at Cryptsy,
Answer: No One.

 Cool

FYI:
2FA is just another layer in stopping someone from logging in,
If an Exchange security is Breached, the exchange operators have direct access to your coins, and your login security does not matter at all.
legendary
Activity: 1960
Merit: 1176
@FAILCommunity
How many banks or stock exchanges would you do business with , that lost your money and did not report it to law enforcement.
Because at the end of the day , the actual crime occurred on their virtual premises.


To me it's like losing your wallet and somehow find out that the money in it were used in one particular store. Then fill a lawsuit against that store, because they took the money.
full member
Activity: 132
Merit: 100
All you need is 2FA and you will be safe guys what's do hard about this.
legendary
Activity: 1092
Merit: 1000
So far the only common denominator has been Bittrex.

It seems like a 3rd Party should be called in to investigate everyone's claims.

Why? As far as I know, nothing is pointing that the fault is on Bittrex. I believe that they continue to investigate the issue and will share the results with the people, which accounts were compromised.

How many banks or stock exchanges would you do business with , that lost your money and did not report it to law enforcement.
Because at the end of the day , the actual crime occurred on their virtual premises.

Plus Not Reporting it and not doing anything about it , would make them look Guilty, not a good look from a PR standpoint.
Sorry we are looking into it , will not suffice as a answer, a 3rd party needs to be brought in to investigate.


 Cool
legendary
Activity: 1960
Merit: 1176
@FAILCommunity
I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.

LOL wtf...I have bad OPSEC give me my money back...

You sir are first class asshole, 100% cock sucker.

It's a woman... Roll Eyes
legendary
Activity: 1288
Merit: 1000
I would also appreciate, if Bittrex, as a responsible business, would compensate my losses at least partially.

LOL wtf...I have bad OPSEC give me my money back...

You sir are first class asshole, 100% cock sucker.
legendary
Activity: 1288
Merit: 1000
How's the investigation going richie?
legendary
Activity: 1960
Merit: 1176
@FAILCommunity
So far the only common denominator has been Bittrex.

It seems like a 3rd Party should be called in to investigate everyone's claims.

Why? As far as I know, nothing is pointing that the fault is on Bittrex. I believe that they continue to investigate the issue and will share the results with the people, which accounts were compromised.
hero member
Activity: 843
Merit: 1004
You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.

we know the Local PCs were probably not compromised.


I'm 100% sure that local pcs (at least my own) were not compromised.
Now, when I set 2FA on all the exchanges I trade and changed the passwords all over, made a thorough examination of all pcs, updated antiviruses and firewalls, and bought me another big pack of condoms I can say that if my local pcs would be compromised the attacker would steal much more money from me easily Lips sealed
legendary
Activity: 1092
Merit: 1000
You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.

So far the only common denominator has been Bittrex.

It seems like a 3rd Party should be called in to investigate everyone's claims.

As far as the local PCs, you guys should make an sector by sector Image backup of the whole drives, to preserve what is called the Chain of Evidence.
In case this goes to court, you can contact a lawyer to verify that.

Bittrex should give as detailed an account of what they believed occurred with a Timeline of the occurrences.

For example :
If their logs show the trading went on, when the user knows his PC was Off, we know the Local PCs were probably not compromised.
But Bittrex should have detailed Logs of the IP Addresses and Times, plus what coin addresses were used.

Also Direct Question for Bittrex, this was a cyber theft , what law enforcement agency will you be reporting this too, as the victim's should receive this contact info so they can talk with the investigator.

 Cool
hero member
Activity: 613
Merit: 501
You can keep guessing what happened or do what Richie said and start trying to figure it out. People who were hacked should prepare a report with the details about their os, installed software (especially wallets), e-mail provider etc. This is the only way to find a common denominator.
legendary
Activity: 1960
Merit: 1176
@FAILCommunity
Perhaps you are right that nothing can be done here, but at least we can try to identify and find that scum.

I'm sure that Bittrex guys already tried (and probably continue) to figure this out, but with no luck. 
hero member
Activity: 843
Merit: 1004
I don't think this is an inside job. From what I've understood, so far 3 people confirmed they were "hacked" and 23,5 BTC were lost. That's a lot (at least from my perspective), but it would be stupid for Bittrex to risk their reputation for such amount. Imho, Richie is right (I'm not kissing your ass!) to act somehow diplomatic and not to reveal some things (such as how many accounts were compromised). Bittrex also didn't announce it on Twitter, which is again the right way, because otherwise it may cause unnecessary panic.

Guys (those who lost your coins),

I can only imagine how you feel about this and I'm really, really sorry for your loss, but it seems like nothing can be done here. Sad

Perhaps you are right that nothing can be done here, but at least we can try to identify and find that scum.

Once again I propose to turn on immediate e-mail notifications for all users on each entrance to bittrex with the detailed information like time, IP address, browser info and such and perhaps even on each trade the users complete (since attacker can use compromised API keys as well). Now, even after 2FA set, I don't receive any alerts on failed attempts  Sad

IMO, if this would be done before, people wouldn't incur all these losses...
legendary
Activity: 1960
Merit: 1176
@FAILCommunity
I don't think this is an inside job. From what I've understood, so far 3 people confirmed they were "hacked" and 23,5 BTC were lost. That's a lot (at least from my perspective), but it would be stupid for Bittrex to risk their reputation for such amount. Imho, Richie is right (I'm not kissing your ass!) to act somehow diplomatic and not to reveal some things (such as how many accounts were compromised). Bittrex also didn't announce it on Twitter, which is again the right way, because otherwise it may cause unnecessary panic.

Guys (those who lost your coins),

I can only imagine how you feel about this and I'm really, really sorry for your loss, but it seems like nothing can be done here. Sad
Pages:
Jump to: