
Topic: Multiple Bittrex accounts hacked everyone enable 2fa - page 9. (Read 22359 times)

legendary
Activity: 1288
Merit: 1000
I just noticed something similar on my logs:

LOGIN 87.126.174.177 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-02 11:59:37.770

That's not my browser, this is me:

LOGIN **.**.76.98 Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:36.0) Gecko/20100101 Firefox/36.0 2016-04-02 12:45:36.673
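
The comparison made in the post above, as an added example (not part of the original thread and not Bittrex code): parse login-history lines in the pasted layout and flag entries whose IP or browser fingerprint differs from the entries the account owner recognises. The function names and the third history line are constructed for illustration.

```python
import re
from datetime import datetime

# Layout of the lines pasted above: EVENT IP USER-AGENT YYYY-MM-DD HH:MM:SS.mmm
LINE_RE = re.compile(r"^(?P<event>[A-Z_]+)\s+(?P<ip>\S+)\s+(?P<ua>.+)\s+"
                     r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{1,6})$")
WIN_CHROME = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36")
LINUX_FF = "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:36.0) Gecko/20100101 Firefox/36.0"

# The entry the account owner recognises ("this is me"); IP masked as in the post.
TRUSTED = [f"LOGIN **.**.76.98 {LINUX_FF} 2016-04-02 12:45:36.673"]
HISTORY = [
    f"LOGIN 87.126.174.177 {WIN_CHROME} 2016-04-02 11:59:37.770",  # from the post
    TRUSTED[0],
    # Constructed line: the owner's usual IP, but a browser the owner does not use.
    f"LOGIN **.**.76.98 {WIN_CHROME} 2016-04-02 13:10:00.000",
]

def parse_line(line):
    """Split one history line into event, ip, ua, ts; None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S.%f")
    return rec

def ua_fingerprint(ua):
    """Reduce a UA string to (first platform token, browser/major version)."""
    platform = re.search(r"\(([^;)]+)", ua)
    browser = re.search(r"(?:Firefox|Chrome)/\d+", ua)
    return (platform.group(1).strip() if platform else "unknown",
            browser.group(0) if browser else "unknown")

def review(history, trusted):
    """Return (record, reasons) for entries that differ from the trusted set."""
    known = [r for r in map(parse_line, trusted) if r]
    known_ips = {r["ip"] for r in known}
    known_uas = {ua_fingerprint(r["ua"]) for r in known}
    findings = []
    for rec in filter(None, map(parse_line, history)):
        reasons = []
        if rec["ip"] not in known_ips:
            reasons.append("unfamiliar IP")
        if ua_fingerprint(rec["ua"]) not in known_uas:
            reasons.append("unfamiliar browser")
        if reasons:
            findings.append((rec, reasons))
    return sorted(findings, key=lambda f: f[0]["ts"])

if __name__ == "__main__":
    for rec, reasons in review(HISTORY, TRUSTED):
        print(rec["ts"], rec["event"], rec["ip"], "->", ", ".join(reasons))
```

The User-Agent is supplied by the client, and activity driven from inside the owner's own browser carries the owner's IP and User-Agent, so a clean result here does not rule out a compromised machine.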
hero member
Activity: 843
Merit: 1004
UNKNOWN_IP_LOGOFF 109.93.135.147 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 15:06:14.713
LOGIN 194.204.45.101 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 2016-04-01 14:01:36.360


legendary
Activity: 1229
Merit: 1001
don't use the same password at multiple exchanges or with pools.
prob best to use something like LastPass

and always use 2fa
legendary
Activity: 1288
Merit: 1000
Please keep us updated if you find out any more info.

Errrr, I feel violated :P
hero member
Activity: 937
Merit: 1000
I can't say exactly how many accounts were affected, but it is an uptick from our normal volumes.  I have no clue why nothing else was affected, but I've sent your logs to you via the ticket.  If you want to ask any other questions, feel free to find us in our slack - slack.bittrex.com.

thanks,
richie@bittrex
legendary
Activity: 1288
Merit: 1000
I just had a thought, if this attack was initiated from my machine, then why weren't any of my other exchange accounts affected? Why just bittrex?
legendary
Activity: 1288
Merit: 1000
Thanks for the reply richie.

Means this is a cross-platform attack, and the attack was from user IPs (yet to be confirmed); some sort of browser plugin hack makes more sense.

Just checked my browser plugins in Firefox, I didn't see anything that wasn't supposed to be there, that being said they could have modified an existing plugin.

Please mail the affected users with their login logs so we can double check that it was an attack initiated from our local machines.

So how many accounts have been affected?

I suggest that all people affected reformat your OS, it can't be trusted anymore.

legendary
Activity: 888
Merit: 1000
Using Windows crap OS?
hero member
Activity: 937
Merit: 1000
Firstly, please stop trying to generate fud; it's completely unproductive. If our servers were compromised, there are way easier ways to get your money out. It doesn't make any sense. What I can tell you is that there have been multiple accounts hacked with the same pattern, all within the last 48 hours. I can also tell you that none of the affected accounts had logins from suspicious or unknown IPs which leads us to believe it is a rooted machine vs credential lost. Lastly, this isn't specific to an OS based on the UA strings we've seen which points to some kind of browser plugin/toolbar. Please crowdsource this to figure out commonalities and please turn on 2fa if you do not have it on.

Thanks
richie@bittrex
legendary
Activity: 1288
Merit: 1000
Last wallet I compiled on this machine was Britcoin, I know the devs on that one plus I got the source from github. That was about a month or more ago.
legendary
Activity: 1652
Merit: 1088
What was the last wallet you downloaded? Which coin, I mean. Same question to the others who were hacked.
legendary
Activity: 1288
Merit: 1000
Interesting theories, i'm leaning towards, the bittrex servers being compromised, and the hacker is picking off all the accounts without 2fa with at least 1BTC in them. I think your $20 is safe lol.


On other exchanges, I get login successful or failed email notifications, not on bittrex though.

How does the attacker know if the account has 2fa? Unless they try logging on to them one by one.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
hmm interesting how this is turning out.
I have sort of known Ryan and chatted with him a bunch of times last few years.
And best i could tell he seemed like an honest guy.

I last talked to him i think on Cryptsy's Freenode IRC channel.
Where i do know Bittrex-Ritchie hangs out (and i believe is higher up than Ryan)

SO you *may get answers if you go on IRC and find Ritchie.

So i checked my account and it was fine and i have no 2fa either.
I also have maybe $20 worth of coins LOL

But this got me thinking if a hacker is trying multiple accounts
why has no one come forward saying they got alerts from failed login attempts ?
Like how would you know the account has 2fa or not unless you TRIED logging in?
Like i have used my email on places and i notice some attempts randomly to get into my Steam account (all failed)
Point being is i get a validation email + warning etc.

So if no one is getting any alerts then how the fuck does the hacker
know how to choose only accounts with no 2fa.. unless they work there LOL

I could work at an exchange then rip-off all kinds of guys and i would of course pick the guys with no 2fa
then i would tell them all well you got hacked noobs.. fix your Norton + updates yur Bitcointalk !
legendary
Activity: 1288
Merit: 1000
I'm on my home network, cable only, wifi is disabled, I don't like to use it. Due to the security and health implications.

Only I have access to the network.
newbie
Activity: 50
Merit: 0
Did you use a public wifi spot?
Is your wifi in your house protected?
How many people have access to your (home) network?
legendary
Activity: 1288
Merit: 1000
The thing is that I've stupidly been keeping my coins on the exchange, I haven't downloaded a wallet for several weeks, even then because I'm a Linux user, I always compile from GitHub source.
legendary
Activity: 1288
Merit: 1000
Just got this reply from bittrex:


 Ryan Hentz (Bittrex)

Apr 3, 07:38

Hi,

It doesn't matter how many have lost their funds, if you all downloaded the same software it makes perfect sense.

I'll get this to someone who can send you the login history data.

Thank you,

Ryan


hero member
Activity: 843
Merit: 1004
Here is the answer I've got from Bittrex:

Quote
   

Ryan Hentz (Bittrex)

Apr 2, 19:08

Hi,

Our records show that all orders placed on your account were done so from your typical login ip. This means the attacker somehow has access to your machine. Have you installed any new software recently? This includes things like browser plugins.

The attacker also immediately withdrew the coins from his account via the api. There is no way to recover the funds.

Please make sure to enable 2fa to protect your account from being breached in this way.

Thank you,

Ryan


The whole day I'm trying to find any traces in my local machines. Nothing so far :(
Any findings, leigh2k14?

I haven't found a thing yet mate, ask bittrex for proof that your account was accessed from your machine

If they are lying to us then the problem is on their end.

Sure, I've asked for the logs, because I don't see a single piece of evidence of intrusion locally.