hmm interesting how this is turning out.
I have sort of known Ryan and chatted with him a bunch of times last few years.
And best i could tell he seemed like an honest guy.
I last talked to him i think on Cryptsy's Freenode IRC channel.
Where i do know Bittrex-Ritchie hangs out (and i believe is higher up than Ryan)
SO you *may get answers if you go on IRC and find Ritchie.
So i checked my account and it was fine and i have no 2fa either.
I also have maybe $20 worth of coins LOL
But this got me thinking if a hacker is trying multiple accounts
why has no one come forward saying they got alerts from failed login attempts ?
Like how would you know the account has 2fa or not unless you TRIED logging in?
Like i have used my email on places and i notice some attempts randomly to get into my Steam account (all failed)
Point being is i get a validation email + warning etc.
So if no one is getting any alerts then how the fuck does the hacker
know how to choose only accounts with no 2fa.. unless they work there LOL
I could work at an exchange then rip-off all kinds of guys and i would of course pick the guys with no 2fa
then i would tell them all well you got hacked noobs.. fix your Norton + updates yur Bitcointalk !
I have sort of known Ryan and chatted with him a bunch of times last few years.
And best i could tell he seemed like an honest guy.
I last talked to him i think on Cryptsy's Freenode IRC channel.
Where i do know Bittrex-Ritchie hangs out (and i believe is higher up than Ryan)
SO you *may get answers if you go on IRC and find Ritchie.
So i checked my account and it was fine and i have no 2fa either.
I also have maybe $20 worth of coins LOL
But this got me thinking if a hacker is trying multiple accounts
why has no one come forward saying they got alerts from failed login attempts ?
Like how would you know the account has 2fa or not unless you TRIED logging in?
Like i have used my email on places and i notice some attempts randomly to get into my Steam account (all failed)
Point being is i get a validation email + warning etc.
So if no one is getting any alerts then how the fuck does the hacker
know how to choose only accounts with no 2fa.. unless they work there LOL
I could work at an exchange then rip-off all kinds of guys and i would of course pick the guys with no 2fa
then i would tell them all well you got hacked noobs.. fix your Norton + updates yur Bitcointalk !
Interesting theories, i'm leaning towards, the bittrex servers being compromised, and the hacker is picking off all the accounts without 2fa with at least 1BTC in them. I think your $20 is safe lol.
On other exchanges, I get login successful or failed email notifications, not on bittrex though.
How does the attacker know if the account has 2fa? Unless they try logging on to them one by one.
Firstly, please stop trying to generate fud; its completely unproductive. If our servers were compromised, there are way easier ways to get your money out. It doesn't make any sense. What I can tell you is that there have been multiple accounts hacked with the same pattern, all within the last 48 hours. I can also tell you that none of the affected accounts had logins from suspicious or unknown IPs which leads us to believe it is a rooted machine vs credential lost. Lastly, this isn't specific to an OS based on the UA strings we've seen which points to some kind of browser plugin/toolbar. Please crowdsource this to figure out commonalities and please turn on 2fa if you do not have it on.
Thanks
richie@bittrex
UNKNOWN_IP_LOGOFF 109.93.135.147 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 15:06:14.713
LOGIN 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:01:36.360
I just noticed something similar on my logs:
LOGIN 87.126.174.177 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-02 11:59:37.770
That's not my browser, this is me:
LOGIN **.**.76.98 Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:36.0) Gecko/20100101 Firefox/36.0 2016-04-02 12:45:36.673
