
Topic: My fund in bittrex unauthorised withdrawal without 2FA code (Read 238 times)

sr. member
Activity: 742
Merit: 251
PRIVATE FEDERATED BLOCKCHAIN
The loss of your current funds is purely your own fault. You are using a trading bot, which means you have weaknesses. Bots don't always work well, and bots have weaknesses, like the chaos that is happening to you right now.
legendary
Activity: 3122
Merit: 2178
Yup, you're right heretik, I had all 4 of these permission settings turned on; I was supposed to turn off the last one, the withdrawal part! Oh no.. which means the whole problem comes from me, I should have unticked the withdrawal part.. shit happens!

Geez, sorry to hear that.

At least we got the mystery solved, I guess, but please take a lesson from it.

API keys are a very powerful thing and if you're not careful handing over API keys is pretty much the same as handing over your credentials. Worse still, in some cases API keys can even override some of the other security measures you've taken, as you've painfully noticed.

Don't hand your API key to software you can't trust (i.e. most of it). If you insist on passing your API key to a 3rd party service, make sure to lock down permissions as much as possible. If you can't lock down API permissions, don't use 3rd party software.
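
An added example, not part of any post in this thread and not Bittrex code: a least-privilege audit over API key records, using the four permission names quoted in this thread. The key records, purposes, severity labels and policy table are constructed assumptions.

```python
# Added example. Permission names are the four quoted in this thread;
# key records, purposes and the policy table are constructed assumptions.
KNOWN = {"read info", "trade limit", "trade market", "withdraw"}
SEVERITY = ["critical", "high", "medium"]  # worst first

# Hypothetical policy: the permissions each purpose actually needs.
NEEDED = {
    "portfolio-tracker": {"read info"},
    "trading-bot": {"read info", "trade limit", "trade market"},
}

def audit_key(key):
    """Return (severity, message) findings for one API key record."""
    granted = {p.strip().lower() for p in key["permissions"]}
    findings = []
    unknown = granted - KNOWN
    if unknown:
        findings.append(("high", f"unrecognised permission(s): {sorted(unknown)}"))
    # Fail closed: a purpose with no policy entry is entitled to nothing.
    needed = NEEDED.get(key["purpose"], set())
    excess = (granted & KNOWN) - needed
    if "withdraw" in excess:
        # Per the thread, the API withdraw call is not gated by 2FA, so this
        # grant lets whoever holds the key move funds out of the account.
        sev = "critical" if key["third_party"] else "high"
        findings.append((sev, "withdraw granted but not needed"))
        excess.discard("withdraw")
    if excess:
        findings.append(("medium", f"excess permission(s): {sorted(excess)}"))
    return findings

def worst(findings):
    """Highest severity among findings, or 'ok' when there are none."""
    return min((s for s, _ in findings), key=SEVERITY.index, default="ok")

# Constructed sample inventory (not real keys).
SAMPLE_KEYS = [
    {"label": "bot-all-ticked", "purpose": "trading-bot", "third_party": True,
     "permissions": ["Read Info", "Trade Limit", "Trade Market", "Withdraw"]},
    {"label": "bot-locked-down", "purpose": "trading-bot", "third_party": True,
     "permissions": ["Read Info", "Trade Limit", "Trade Market"]},
    {"label": "tracker", "purpose": "portfolio-tracker", "third_party": True,
     "permissions": ["Read Info", "Trade Market"]},
]

if __name__ == "__main__":
    for k in SAMPLE_KEYS:
        f = audit_key(k)
        print(f"{k['label']}: {worst(f)} {f}")
```
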
jr. member
Activity: 378
Merit: 3
In this case it looks very unlikely that someone has hacked through the server, but Bittrex won't process a withdrawal without confirming 2FA codes.
member
Activity: 458
Merit: 10
If your funds have been lost, I don't think they can be taken back, but you should send a ticket to Bittrex, and in the future you need to be more vigilant.
legendary
Activity: 1638
Merit: 1163
Where is my ring of blades...
It is best to move this topic to the trading discussion board (there is a button at the bottom of the page). The reason I say this is that there are a lot of newcomers there who keep asking about bots because they want to make a profit and they think the bot can do that for them (due to their false advertisements), and I always keep telling them to stay away from any bot as long as they consider themselves newbies (non-experts).
This topic is a good lesson for them.
legendary
Activity: 3542
Merit: 1965
I would like to say that whenever I want to log in to my Bittrex account, I use the existing bookmarks that I already stored.

This was your mistake, because a hacker can easily edit a bookmark to redirect you to a phishing site, and once you have entered the username and password, the hacker just retrieves the login credentials and changes the bookmark back to the original site. This will mainly go unnoticed, because it will just result in a login failure for 1 attempt, and when you close the app and try again, you will be redirected to the correct URL.

We have to be very vigilant with our browsing habits, and for this reason I always type URLs for sites where people can get access to my coins. Bittrex will just wash their hands and put the blame on the customer.
legendary
Activity: 2618
Merit: 1105
Can you check in your account settings which permissions the used API key had?

There are 4 permissions settings that you can turn on for Bittrex API keys: 1) Read Info, 2) Trade Limit, 3) Trade Market, 4) Withdraw.

If you gave the API key the permission to withdraw then you got the culprit, because from what I can see in the Bittrex API documentation their withdraw call doesn't check for 2FA.
Yup, you're right heretik, I had all 4 of these permission settings turned on; I was supposed to turn off the last one, the withdrawal part! Oh no.. which means the whole problem comes from me, I should have unticked the withdrawal part.. shit happens!

Even if you remove that tick mark from the "Withdraw" part, nothing would happen, as the master behind the key already took advantage of your stupidity (sorry, but it's really stupid to use API keys without knowing what you are playing with; API keys are no less than 🔥). But it definitely serves as a lesson for you and others not to do it like this again and to go carefully with any API key in the future.
newbie
Activity: 7
Merit: 0
First things first, there is no way you could get the amount that you lost back into your account. Sorry for that mate.
Based on my research I would say that these third party bots cannot be trusted in any way. These bots have the potential to transfer the funds to other addresses.
If you have installed any software provided to you by any of these third parties then kindly uninstall it and clean your PC.
You should also check your PC for any such suspicious apps that may actually be a keylogger or clipboard changer or that might be sending the copied texts to somebody.
The fault is probably yours that you trusted some third party application. Be careful the next time and try to avoid such things.
By the way, thanks for your info sir.. Sure mate, I will uninstall all these third party apps and clean my PC! Huhu, lots of things to do: change password and disable and re-enable my 2FA code.. huhu
legendary
Activity: 2492
Merit: 1232
I haven't used bots in trading or third-party tools, because for me sharing your API is just like sharing your private key; they can also access your account. AFAIK, they can't withdraw without permission from your Gmail account or a code from the 2FA authentication that you've set. Probably you've encountered a phishing link that caused trouble on the PC you use for copy-pasting codes.

Yeah, I checked already, withdrawal is ticked! First of all, I didn't know about the setting, but true enough, I traded with my bots for almost a year, and 30 days before my bots expired this culprit took my funds! :'( Thanks buddy
Sorry for your loss mate. I think next time don't trust a trading bot, just do your own trading for safety purposes. All you have to do is contact the Bittrex support team, but once the transaction is completed I don't know if you can recover it.
newbie
Activity: 7
Merit: 0
Can you check in your account settings which permissions the used API key had?

There are 4 permissions settings that you can turn on for Bittrex API keys: 1) Read Info, 2) Trade Limit, 3) Trade Market, 4) Withdraw.

If you gave the API key the permission to withdraw then you got the culprit, because from what I can see in the Bittrex API documentation their withdraw call doesn't check for 2FA.
Yup, you're right heretik, I had all 4 of these permission settings turned on; I was supposed to turn off the last one, the withdrawal part! Oh no.. which means the whole problem comes from me, I should have unticked the withdrawal part.. shit happens!
member
Activity: 606
Merit: 10
I faced the same trouble as you: I could not access my assets and account because I lost my 2FA code. My phone broke and I can't open my Bittrex account. I am trying to contact the Bittrex team, but it is too hard to clear up my account trouble.
newbie
Activity: 7
Merit: 0
I know a little bit about this API thing.
If you allow it to trade, it will trade, and if you allow it to withdraw, it will be able to send funds without your consent if you have not saved any 2FA security in your account. Did you check the API key in full before applying it in your account?
2double0,
Yeah, I checked already, withdrawal is ticked! First of all, I didn't know about the setting, but true enough, I traded with my bots for almost a year, and 30 days before my bots expired this culprit took my funds!
Thanks mate
newbie
Activity: 7
Merit: 0
The only other part I'm curious about: I have used auto trading bots from a third party, 'CWE bots'. In this case, is it the API key from my Bittrex account that I stored in the trading bots that has a big potential to be behind the unexpected unauthorised withdrawal?
Probably, but I'm not really an expert on API things. Does CWE mean Crypto World Evolution? I searched CWE Bots on Google and there are a lot of negative reviews about it, and I found this Medium post https://medium.com/@craig.b.macgregor/crypto-world-evolution-scam-alert-1b5ef3f4f71
Quote
CWE Trading Bot is promoted by “Crypto World Evolution” and various individuals on social media as an easy way for people who are new to cryptocurrencies to invest and make passive income. They claim the software can earn you double digit daily profits and want you to buy the trading bot software for $500 or $2500 for the pro version. I have spent my weekend investigating this product and the team behind it. All the evidence suggests that Crypto World Evolution is a Ponzi scheme and the CWE Trading Bot software is likely to be programmed to steal your cryptocurrency.
Since I don't really know much about APIs, maybe other people can answer your question.

My second thought is that your hardware probably got infected by a keylogger or similar malware. Maybe when you copy your password and 2FA secret key, it is sent directly to the hacker.
Thanks buddy, I didn't know almost all bot stuff is a scam! Sad, the Medium article shows this CWE is a Ponzi scheme!
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
First things first, there is no way you could get the amount that you lost back into your account. Sorry for that mate.
Based on my research I would say that these third party bots cannot be trusted in any way. These bots have the potential to transfer the funds to other addresses.
If you have installed any software provided to you by any of these third parties then kindly uninstall it and clean your PC.
You should also check your PC for any such suspicious apps that may actually be a keylogger or clipboard changer or that might be sending the copied texts to somebody.
The fault is probably yours that you trusted some third party application. Be careful the next time and try to avoid such things.
legendary
Activity: 3122
Merit: 2178
Can you check in your account settings which permissions the used API key had?

There are 4 permissions settings that you can turn on for Bittrex API keys: 1) Read Info, 2) Trade Limit, 3) Trade Market, 4) Withdraw.

If you gave the API key the permission to withdraw then you got the culprit, because from what I can see in the Bittrex API documentation their withdraw call doesn't check for 2FA.
member
Activity: 532
Merit: 15
Please ask the Bittrex team if they allow transactions without 2FA through API or not - that would be the Right thing to do and also will save you time.
sr. member
Activity: 1918
Merit: 268
Hello guys!

After a couple of days I realised my account had a suspicious unauthorised withdrawal! I already submitted a ticket to Bittrex, but unfortunately my funds cannot be retrieved! This is the email I received from Bittrex: 'Please know that we take each of these reports seriously, and that we have investigated potential causes of your loss of funds. Based on information you provided and other information that we have gathered, it is clear that your login credentials (username/password combination) were lost outside of the Bittrex environment'. So Bittrex told me there really is no way to recover my funds at this time. I would like to say that whenever I want to log in to my Bittrex account, I use the existing bookmarks that I already stored. For your info, I never use public wifi when I want to do trading stuff such as on Bittrex; to be safer I use home wifi or my personal hotspot. I always make sure every time I log in to my Bittrex account that I am not on a phishing site. What I am trying to say here is that I try to be vigilant when I surf into my account. The only other part I'm curious about: I have used auto trading bots from a third party, 'CWE bots'. In this case, is it the API key from my Bittrex account that I stored in the trading bots that has a big potential to be behind the unexpected unauthorised withdrawal? Thank you for your reply.

Proof of transaction without 2FA code👇🏼

https://imgur.com/a/Hs9kQrV
This incident is similar to my friend's, but in most cases bots that use the API only cost money in trading. I never use a third party or any bot; for security I trade manually when I have to buy and sell. But for your problem I also find it strange that it can also access withdrawals. I don't understand the whole API in the software you are using; maybe I will see other opinions here and at least get a little lesson from this thread.
legendary
Activity: 2618
Merit: 1105
I know a little bit about this API thing.
If you allow it to trade, it will trade, and if you allow it to withdraw, it will be able to send funds without your consent if you have not saved any 2FA security in your account. Did you check the API key in full before applying it in your account?
sr. member
Activity: 1218
Merit: 410
The only other part I'm curious about: I have used auto trading bots from a third party, 'CWE bots'. In this case, is it the API key from my Bittrex account that I stored in the trading bots that has a big potential to be behind the unexpected unauthorised withdrawal?
Probably, but I'm not really an expert on API things. Does CWE mean Crypto World Evolution? I searched CWE Bots on Google and there are a lot of negative reviews about it, and I found this Medium post https://medium.com/@craig.b.macgregor/crypto-world-evolution-scam-alert-1b5ef3f4f71
Quote
CWE Trading Bot is promoted by “Crypto World Evolution” and various individuals on social media as an easy way for people who are new to cryptocurrencies to invest and make passive income. They claim the software can earn you double digit daily profits and want you to buy the trading bot software for $500 or $2500 for the pro version. I have spent my weekend investigating this product and the team behind it. All the evidence suggests that Crypto World Evolution is a Ponzi scheme and the CWE Trading Bot software is likely to be programmed to steal your cryptocurrency.
Since I don't really know much about APIs, maybe other people can answer your question.

My second thought is that your hardware probably got infected by a keylogger or similar malware. Maybe when you copy your password and 2FA secret key, it is sent directly to the hacker.
newbie
Activity: 7
Merit: 0
Hello guys!

After a couple of days I realised my account had a suspicious unauthorised withdrawal! I already submitted a ticket to Bittrex, but unfortunately my funds cannot be retrieved! This is the email I received from Bittrex: 'Please know that we take each of these reports seriously, and that we have investigated potential causes of your loss of funds. Based on information you provided and other information that we have gathered, it is clear that your login credentials (username/password combination) were lost outside of the Bittrex environment'. So Bittrex told me there really is no way to recover my funds at this time. I would like to say that whenever I want to log in to my Bittrex account, I use the existing bookmarks that I already stored. For your info, I never use public wifi when I want to do trading stuff such as on Bittrex; to be safer I use home wifi or my personal hotspot. I always make sure every time I log in to my Bittrex account that I am not on a phishing site. What I am trying to say here is that I try to be vigilant when I surf into my account. The only other part I'm curious about: I have used auto trading bots from a third party, 'CWE bots'. In this case, is it the API key from my Bittrex account that I stored in the trading bots that has a big potential to be behind the unexpected unauthorised withdrawal? Thank you for your reply.

Proof of transaction without 2FA code👇🏼

https://imgur.com/a/Hs9kQrV