
Topic: Multiple Bittrex accounts hacked everyone enable 2fa - page 8. (Read 22264 times)

legendary
Activity: 1288
Merit: 1000


Looks like I was mistaken... after a couple ticket responses and going back further in some cases... there have been logins from IPs unknown.  Please focus on finding a common denominator to these attacks.


richie@bittrex

So my machine wasn't compromised.

UNKNOWN_IP_LOGOFF 134.3.254.67 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-02 11:17:09.710

So how about reimbursing my coins?

1300 rads
800 exp
15000 aur
333,000 bcr

That just means someone was able to get your l/p ... nothing has changed... not sure why you think it has.

So don't take any responsibility towards your users funds?
hero member
Activity: 937
Merit: 1000


Looks like I was mistaken... after a couple ticket responses and going back further in some cases... there have been logins from IPs unknown.  Please focus on finding a common denominator to these attacks.


richie@bittrex

So my machine wasn't compromised.

UNKNOWN_IP_LOGOFF 134.3.254.67 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-02 11:17:09.710

So how about reimbursing my coins?

1300 rads
800 exp
15000 aur
333,000 bcr

That just means someone was able to get your l/p ... nothing has changed... not sure why you think it has.
legendary
Activity: 1288
Merit: 1000


Looks like I was mistaken... after a couple ticket responses and going back further in some cases... there have been logins from IPs unknown.  Please focus on finding a common denominator to these attacks.


richie@bittrex

So my machine wasn't compromised.

UNKNOWN_IP_LOGOFF 134.3.254.67 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-02 11:17:09.710

So how about reimbursing my coins?

1300 rads
800 exp
15000 aur
333,000 bcr
hero member
Activity: 937
Merit: 1000

Firstly, please stop trying to generate fud; it's completely unproductive.  If our servers were compromised, there are way easier ways to get your money out.  It doesn't make any sense. What I can tell you is that there have been multiple accounts hacked with the same pattern, all within the last 48 hours.  I can also tell you that none of the affected accounts had logins from suspicious or unknown IPs which leads us to believe it is a rooted machine vs credential lost.  Lastly, this isn't specific to an OS based on the UA strings we've seen which points to some kind of browser plugin/toolbar.   Please crowdsource this to figure out commonalities and please turn on 2fa if you do not have it on.

Thanks
richie@bittrex

Looks like I was mistaken... after a couple ticket responses and going back further in some cases... there have been logins from IPs unknown.  Please focus on finding a common denominator to these attacks.

@spoetnik: it is complete fud and you know it.  Scientific procedure requires actual proof.  I can tell you that we have not been hacked because the ramifications would be way worse and more evident.  It is also not possible for it to be an insider because there are only 4 (3 founders + chiznitz) of us that work here. All of us have much easier ways to steal money if we wanted to.  If you have actual proof, please provide it;  if not, let's focus on a common denominator.  I'd like an answer to this as much as everyone else.

richie@bittrex
legendary
Activity: 1288
Merit: 1000
This is a weird mystery and where is the report(s) of failed login attempts.
AKA:email notifications on 2Fa users.. get it?

Apparently i am FUD'ing..
I like to call it Scientific procedure.

Being an inside job at Bittrex has not been ruled out.
Nor has Bittrex itself being hacked.
Sorry Bittrex guys but that is the truth.. your "word" is just not going to cut it.

I wish i had local access to all machines to check them out for you all.

I'd like to see the OP maybe build a profile of sorts.
Start by listing any downloaded/Compiled crypto programs such as Miners or Wallets.
And maybe list your Browser + OS too.. and if 2FA was on. (plus IP's of course)

What is it here now 3 guys that have come forward?

From the sounds of it i think the blame is either on Bittrex or the local users.
And more & more i am thinking it was a staff member behind it.
Maybe skimming account funds for ages with "you got hacked" stories.
But whoever is doing it, started doing it too much lately.

Bittrex you don't get the benefit of the doubt.. nobody in Crypto does.
That is what i call common-sense.

I hope that your theory is not true, bittrex has been a pretty solid exchange, but if it is true then it would be the end for them.

Even if it was true, how would we prove it?
hero member
Activity: 574
Merit: 500
Does anyone know if it is easy to disable 2FA in case you lose your phone?

I do pretty much all of the 2FA resets.

There are 2 options here.  When you enable 2fa we display the Secret Key. If you write that key down and keep it in a safe place you can use it to enable 2fa from a different device or a new phone when you get it.

The second option will require you to provide us with some information about your account.

Please provide us with the following information.  Note that the higher the account value, the more details we will require.
1) Recent ip addresses you have logged into site with (You can find this by visiting, https://goo.gl/X3dxsh )
2) Recent transaction ids for any withdrawals and deposits you have made to Bittrex
3) Recent balances in your account

For Accounts valued at over $1000 USD we will require additional information for proof of identity.

1) 2 forms of government identification and a selfie of you holding one of those identifications where we can match your face. Please make sure the text on your ID is readable in all photos.




Lastly, for those of you turning on 2fa, please make sure you do so from a computer that may not be compromised.  If the attacker has access to your computer they may be able to see the secret key when you turn on 2fa and add it to their own device.   So again, please make sure you are turning on 2fa from a freshly installed OS or a machine that was not possibly part of your accounts compromise.

Thanks,

Ryan @ Bittrex
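
Why the written-down Secret Key works on a new phone, and why a key seen on a compromised machine amounts to a cloned second factor: an added example, not from the thread or from Bittrex, assuming the site's 2FA is standard TOTP (RFC 6238), which the page does not state. The secret used is the RFC's published test key.

```python
import base64, hashlib, hmac, struct

# Published RFC 6238 test key (ASCII "12345678901234567890"), base32-encoded
# the way authenticator apps display a secret. Not a real account secret.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts(secret_b32, submitted, unix_time, window=1, step=30):
    """Server-side check: accept codes from the current step +/- window."""
    return any(
        hmac.compare_digest(
            totp(secret_b32, max(0, unix_time + d * step), step), submitted)
        for d in range(-window, window + 1))

def codes_by_holder(unix_time):
    """Every holder of the same secret derives the same code."""
    holders = {
        "original phone": SECRET,
        "new phone, restored from the paper backup": SECRET,
        "copy read off the screen of a compromised PC": SECRET,
    }
    return {who: totp(s, unix_time) for who, s in holders.items()}

if __name__ == "__main__":
    now = 59
    for who, code in codes_by_holder(now).items():
        print(f"{code}  accepted={server_accepts(SECRET, code, now)}  {who}")
```

The server sees only the code, so it cannot tell these holders apart; this is why the post asks for 2FA to be enabled from a machine that was not part of the compromise.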
legendary
Activity: 1288
Merit: 1000
Does anyone know if it is easy to disable 2FA in case you lose your phone?

You need to write the private key on some paper and store it in a safe place, doesn't matter if you lose your phone then.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
This is a weird mystery and where is the report(s) of failed login attempts.
AKA:email notifications on 2Fa users.. get it?

Apparently i am FUD'ing..
I like to call it Scientific procedure.

Being an inside job at Bittrex has not been ruled out.
Nor has Bittrex itself being hacked.
Sorry Bittrex guys but that is the truth.. your "word" is just not going to cut it.

I wish i had local access to all machines to check them out for you all.

I'd like to see the OP maybe build a profile of sorts.
Start by listing any downloaded/Compiled crypto programs such as Miners or Wallets.
And maybe list your Browser + OS too.. and if 2FA was on. (plus IP's of course)

What is it here now 3 guys that have come forward?

From the sounds of it i think the blame is either on Bittrex or the local users.
And more & more i am thinking it was a staff member behind it.
Maybe skimming account funds for ages with "you got hacked" stories.
But whoever is doing it, started doing it too much lately.

Bittrex you don't get the benefit of the doubt.. nobody in Crypto does.
That is what i call common-sense.
hero member
Activity: 630
Merit: 500
Does anyone know if it is easy to disable 2FA in case you lose your phone?
hero member
Activity: 714
Merit: 500
IF YOU Enjoy Trade with ME ..PUT Feedback Please
Don't have 2fa enabled yet, should probably do that anytime soon haha.

It's not haha, it's fucking serious...
Never mind and forget about him. There are some noobs doing this every time.. it is very serious here for many of us because I am using bittrex for my daily trading since 2014
hero member
Activity: 714
Merit: 500
IF YOU Enjoy Trade with ME ..PUT Feedback Please
Don't have 2fa enabled yet, should probably do that anytime soon haha.
IF you read the first post you will notice this
Lesson learned
no place for haha here
hero member
Activity: 843
Merit: 1004
Don't have 2fa enabled yet, should probably do that anytime soon haha.

It's not haha, it's fucking serious...
legendary
Activity: 1223
Merit: 1000
I lost 0.58 BTC on Bittrex 1 year ago. 2FA was disabled. I have no problems when I turn on 2FA.
Hi7
newbie
Activity: 25
Merit: 0
Don't have 2fa enabled yet, should probably do that anytime soon haha.
hero member
Activity: 843
Merit: 1004
leigh2k14,

Did you use the same email and password for any mining pool or other sites?

No, I haven't mined for quite some time.

It's unique to bittrex.

So are you saying that your computer was hacked and that is how you lost your BTC, right? If you have a unique password for bittrex then it is the only possible way.

We are still trying to establish whether it was our machines that were hacked or bittrex, having a password unique to bittrex doesn't make it unhackable.

I guess it's time to change the subject to "ALERT! Multiple Bittrex accounts hacked, TURN ON 2FA!!!"
legendary
Activity: 1288
Merit: 1000
leigh2k14,

Did you use the same email and password for any mining pool or other sites?

No, I haven't mined for quite some time.

It's unique to bittrex.

So are you saying that your computer was hacked and that is how you lost your BTC, right? If you have a unique password for bittrex then it is the only possible way.

We are still trying to establish whether it was our machines that were hacked or bittrex, having a password unique to bittrex doesn't make it unhackable.
hero member
Activity: 2814
Merit: 911
Have Fun )@@( Stay Safe
leigh2k14,

Did you use the same email and password for any mining pool or other sites?

No, I haven't mined for quite some time.

It's unique to bittrex.

So are you saying that your computer was hacked and that is how you lost your BTC, right? If you have a unique password for bittrex then it is the only possible way.
hero member
Activity: 966
Merit: 1003
Firstly, please stop trying to generate fud; it's completely unproductive.  If our servers were compromised, there are way easier ways to get your money out.  It doesn't make any sense.

Sure, but they are also ways which make it apparent the site has been compromised. If an employee does it the way described above, and cleans a few accounts every now and then and everyone blames the users getting hacked client side, he can keep low profile and keep earning a little extra on the side.

Or, a conspiracy theorist might think it's Google's way to push people to link their identities to exchange accounts via the 2fa service.


What I can tell you is that there have been multiple accounts hacked with the same pattern, all within the last 48 hours.  I can also tell you that none of the affected accounts had logins from suspicious or unknown IPs which leads us to believe it is a rooted machine vs credential lost.

Are these unknown IPs or IPs these users usually log in from?

UNKNOWN_IP_LOGOFF 109.93.135.147 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 15:06:14.713
LOGIN 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:01:36.360

I just noticed something similar on my logs:

LOGIN 87.126.174.177 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-02 11:59:37.770

That's not my browser, this is me:

LOGIN **.**.76.98 Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:36.0) Gecko/20100101 Firefox/36.0 2016-04-02 12:45:36.673
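
The login-history lines quoted in this thread share one layout (event, IP, user agent, timestamp). As an added example, not part of any post and not Bittrex code, this sketch parses that layout, flags entries outside an owner's known IPs and browsers, and groups the flagged user agents across accounts to look for a common denominator. The account labels, baselines and RFC 5737 IPs are constructed.

```python
import re
from collections import defaultdict

# Layout of the lines quoted in the thread: EVENT IP USER-AGENT TIMESTAMP
LINE_RE = re.compile(r"^(?P<event>[A-Z_]+)\s+(?P<ip>\S+)\s+(?P<ua>.+?)\s+"
                     r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})$")
CHROME49 = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
            "(KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36")
FIREFOX36 = ("Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:36.0) "
             "Gecko/20100101 Firefox/36.0")

# Constructed sample: account labels and IPs (RFC 5737 ranges) are invented;
# the user-agent strings and timestamps follow the lines quoted in the thread.
SAMPLE = {
    "acct_a": [f"LOGIN 192.0.2.10 {FIREFOX36} 2016-04-02 12:45:36.673",
               f"LOGIN 203.0.113.7 {CHROME49} 2016-04-02 11:59:37.770"],
    "acct_b": [f"UNKNOWN_IP_LOGOFF 198.51.100.23 {CHROME49} 2016-04-01 15:06:14.713",
               f"LOGIN 192.0.2.44 {CHROME49} 2016-04-01 14:01:36.360"],
}
# Hypothetical baseline: the IPs and browsers each owner recognises as theirs.
BASELINE = {"acct_a": {"ips": {"192.0.2.10"}, "uas": {FIREFOX36}},
            "acct_b": {"ips": {"192.0.2.44"}, "uas": {CHROME49}}}

def parse(line):
    """Split one history line into its fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def flag(account, lines, baseline):
    """Return the parsed entries that fall outside the owner's baseline."""
    known, hits = baseline[account], []
    for rec in filter(None, map(parse, lines)):
        checks = {"site_marked_unknown_ip": rec["event"].startswith("UNKNOWN_IP"),
                  "ip_not_in_baseline": rec["ip"] not in known["ips"],
                  "ua_not_in_baseline": rec["ua"] not in known["uas"]}
        reasons = [name for name, failed in checks.items() if failed]
        if reasons:
            hits.append({**rec, "account": account, "reasons": reasons})
    return hits

def shared_fingerprints(sample, baseline):
    """Map each flagged user agent to the accounts it appears on (2 or more)."""
    by_ua = defaultdict(set)
    for account, lines in sample.items():
        for hit in flag(account, lines, baseline):
            by_ua[hit["ua"]].add(account)
    return {ua: sorted(a) for ua, a in by_ua.items() if len(a) > 1}

if __name__ == "__main__":
    for ua, accounts in shared_fingerprints(SAMPLE, BASELINE).items():
        print(accounts, ua)
```

A user agent shared across flagged logins narrows the search but proves little by itself, since a common browser build is used by many unrelated people; the second sample account shows the IP check catching an entry that the user-agent check alone would miss.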
legendary
Activity: 1288
Merit: 1000
I just had a thought, if this attack was initiated from my machine, then why wasn't any other of my exchange accounts affected? Why just bittrex?

Good question, indeed!
Now when I have changed all passwords, turned on 2FA all over even for my microwave, bought big pack of condoms and such, may I also ask the same: why only bittrex?

You might wanna double bag those condoms, just to be sure.
hero member
Activity: 843
Merit: 1004
I just had a thought, if this attack was initiated from my machine, then why wasn't any other of my exchange accounts affected? Why just bittrex?

Good question, indeed!
Now when I have changed all passwords, turned on 2FA all over even for my microwave, bought big pack of condoms and such, may I also ask the same: why only bittrex?