Topic: WARNING! 40 000 USD was stolen fom BTC-e.com account! (Read 10795 times)

It's sad to lose assets that we often check and this is convincing evidence to all of us that never keep assets in one place too big, and when I experienced a tragic event some time ago, my metamask was hacked and around 160 CAKE was lost (when it's worth around $1200) and this is an important lesson I won't keep more than $500 in assets in a single wallet.

It seems very funny that you’re forgetting about one little fact… I mean that it was you who have asked me to give you a recommendation. I’ve seen you as a reasonable person and practically begged the BTC-e admin to give you the moderation rights. And I mean it, since I really  kneeled before him like if he was my vassal or whatever. I even offered him my deposit of 30000 USD as a guarantee that you’ll act honestly and impartially. There is no joke on this statement, I claimed all responsibility for all future actions performed from your account. This seems very funny nowadays, as it seems that human hypocrisy has no limits. It’s really easy to forget something when it contradicts with your point of view. I’m offering you my congratulations, because I’m going to recognise your person as a certified hypocrite since this date. Whether you were deleting any messages or not, it was done by your choice and nobody had any degree of control over your own actions,

Let me say this again, I congratulate you for becoming a certified hypocrite.

Yes even in you have a strong case (which i doubt) you will just lose more money.

Learn to never trust a third party which you can't fight legally in case something happen.

And for starters.. enable 2FA.. it's 2015 mate!

Dude,


Those lawyers will rip you off some more...you will never get a cent back from btc-e, but you will pay several thousands to the shark lawyers that told you that Btc-e is responsible for your loss...the lawyers always tell you what you want to hear, they will never tell you something like : "accept that you lost and move on"...because if you fight btc-e, it means they get paid...so their opinion is far from being objective...btc-e is very shady as a company, even if you find out details about the company, the company is a ghost...names, addresses...same like perfectmoney and many others...welcome to the e-currency world...

My best advice to you is to move on...you will pay extra for the lawyers and will end up in the same boat an year from now...the lawyers will always tell you what you want to hear, just use common sense to pull yourself from this shit...you are your own best friend

Don't make an useless assumption, you don't even show us the proof that this is an inside job
Stop freak out and blame yourself for not setting up 2FA
Also, passwords can easily opened with social engineering or brute force

Same thing happened to me, i lost 10,000 but i'm not going to lie down and listen to everyone say you have no chance to do something about it. Even the biggest companies have been brought down... BTC-e is not in this league to not come down. What is will take is determination to make something happen which i have already started with my legal firm. Here is what my legal firm have said:

"If the accounts that you deposited your funds have been hacked they can still be liable for negligence. They ought to have taken all necessary steps to safeguard your funds and/or insure your funds. In addition from the moment that we do not have any sufficient evidence yet that the accounts have been hacked we can also consider this as illegal withholding of your funds and/or fraud."

I am looking for more people who have been robbed and don't want to lie down and accept what has happened. Please stand with me to fight for justice against this. I will take more than just myself to make this happen so if you have been robbed stand with me and we will fight this as one. Lets hold BTC-e accountable and take some responsibility 'even' if we did not have 2FA.

So far we have the legal registered name of BTC-e which they operate under and the country it is registered in and it's not Russia, Bulgaria, Cypress, America etc... All information will be given to the people who stand up and show their support to this crime.

If you want to show support for this please email me and say i would like to show support. Email here: [email protected]

Hoping to hear from you.

Let's stand together.

btc-e admins easy can do it, guy with nickname QWERTAS just 30 mins ago ban me for 666 days after I said that administration of btc-e.com earning money on dumping and pumping forks, I talk about ppc, after 1 guy find that someone on btc-e store 5 000 000 ppc , btc-e.com start fast change wallets of ppc for users cant find that btc-e.com have 5 000 000 ppc, after that many users have delay 5-6 hrs for withdraw ppc, also I was banned for 666 days when I said that in chat so I think they can hack you account and do pump on your money easy. Also when I was banned no one in chat not saw that, they delete notification of ban, so when they ban someone no one not see that now

To be honest I know several people holding a lot more than $40k in Btc-e....none of them had a problem...and I know for sure they don't use 2FA....there is malware for MAC you know, my guess is that he has an infected machine...I doubt that btc-e would screw him over 40k, btc-e has made millions...but who knows ?! rogue btc-e staff...could be....still the 1st thing I would do is to format my machine...90% sure that's where the problem was in the first place

Thats so sad man 

This story is suspicious but there is plausible deniability for BTC-e to claim your account got hacked another way. I do find it odd that your account got hacked when you use a mac however, there are very few viruses targeting Macs.

Why haven't you filed a police report? Do it

Calm down, you aren't going to do shit.  First, you obv didn't do your due diligence.  Second, BTC-E does all sorts of fuckery to try and help prevent phishers and what not from stealing your shit.  Third, good fkn luck finding anything about them for your legal proceedings.

Wait the three days and then move on.  Perhaps this time use an exchange that isn't some Bulgarian/Russian exchange that all of the criminals use.

Quit acting as if BTC-E wasn't a scam, you pathetic troll! I'm so tired of this shit and now that these criminal assholes have fucked my life, I will give them their money's worth.

Why did you store $40k and not activate 2FA? Can you post a pic trade history?

---

Attention: new phishing attacks!

These pathetic liars and thieves are advertising "instant deposit/withdrawal all coin" although they will just withhold funds from new users for at least three days without prior announcement.
Completely ruined my weekend.
I told these criminals to return control over MY FUNDS to me within a couple of hours. No reaction, so I will proceed against them in every legal way available to me now. Watch me.

Godzilla99, where are you?

BTC-E have self-mode topic in Service Announcements.
It is not good sign.
You try write to official topic?

I have deleted posts in official topic, ban's in trollbox chat.

I had a chat moderator in btc-e before.
But I wrote about scam of other chatmoderator( and itzod and ltcmine and novacoin owner) Balthazar on the bitcointalk.
And I was deprived of authority chatmoderator.
In the chat me block (3 days, 15 days, 60 days) under the false pretext.
And even do so without explaining the reason.
In the official topic my message was deleted.


I suffered for the truth about Bathazar scams!

so the moral of the story is use 2fa or get possibly screwed over.

yes i agree, btc-e is pretty silent, and who is the owner of that site isnt known until now so if they decide to run away, no one will have anyone to sue

It is only assumption! One of the two I can make considering the facts. May be there is something else, but they are so silent. No one official reply to the forums only one reply to an email: "Your account is blocked the situation is under investigation"!
It is allready 10 days has come over!  What else can assume??? Look at the history of the deals.
takebin.com/u/ddc185a5A5

And there were such deals two hours before!

this is not a solid proof for saying that there was a thief inside btc-e team, you need a more solid proof before you accuse btc-e stealing your coins

There are some news about hacking my account. There is charts bitcoinwisdom.com/markets/btce/ltccnh here.
if you go on the chart to 07/02/2015  3-30AM you will see the price down to 1 CNH for LTC on the candle. That was the time when my account was hacked and all deals from my account were made 3-30 - 4-00 AM.

But if you go on the chart to 07/02/2015 1-30 AM you will see the similar price down to 1 CNH for LTC on the candle with an even  bigger volume sold.

Therefore I can make a definite  conclusion that there were some other people who suffered from that hack (I really doubt that somebody would have made deals on LTC/CNH by that price on his own money)

That means that either the btc-e was hacked through there own vulnerability or there was thief inside btc-e team.

Disclaimer: I always use 2FA to secure the access to my accounts.

Having said that it is fucking ridiculous that the OP user is blamed by many in this thread for not having 2FA in his account. Because ... there is an absolutely doggy exchange nobody knows it operates where, perhaps it is in fucking Bulgaria or perhaps it is in Zimbabwe, we don't know where, it uses Czech banks and having registered the business in Cyprus by nobody knows who ... but regardless wherever and whoever they are the exchange is offering a service of performing financial transactions and the condition of the service was clearly not that the user must have 2FA. The terms of conditions isn't that must have 2FA otherwise the exchange unable to keep safe the coins - quite the opposite, any sane person quite rightly would assume and expect that the exchange (by definition) will keep the coins safe or if there is a claim that the coins were stolen then the exchange would do a full and thorough investigation instead of saying that fuck off because the user must have 2FA. Yes, the best practice is having 2FA settings, but since it was not the condition of the service the exchange must look into the case and take responsibilities for the loss of the funds. I am sure the exchanges experience with many false claims about stolen funds, but for that reason the dealing with complaints must be a standard procedure and the communication (IP Addresses, etc) and transaction logs must be available for users who initiate a complaint without police investigation.

The jurisdiction is Cyprus. I suggest the user contact the Cyprus police and bring the crooks of BTC-E to justice, it is time the owners pay for the doggy anonymous jamboree when they take the commission and profit from the transactions, but not willing to take responsibility of their poor system security and business practices.

Your only avenue of recourse seems to be reporting the matter to the police. No one else is going to be able to help you.

I'm glad that you have been swayed, as much as any security feature can be hacked they do actually exist for a reason and make a serious difference in protecting you.

Best of luck.

I'm allready swayed! But question is quite different! There is my fault that I have not payed attention   . But what I'm trying to say that there is there fault too and .
1) If ssl or tls is easy to be hacked  http://resources.infosecinstitute.com/end-ssl-poodle/
they should inform about that  in that case 2FA should be obligatory!
2) They should care about the clients like me (keeping that amount of money there) and investigate this case carefully because there is a big chance that is not me is hacked but them

You should also link to some resources that cover how 2FA can help to stop unauthorized access.

Given that the exchange just had 7000+ BTC stolen you're probably never going to get help (even with a warrant).

And there are the links to posts about the fact  SSL and TLS protocols has a big holes in architecture  which means that
it can easily be hacked!
In english
http://resources.inf...end-ssl-poodle/
In Russian
https://xakep.ru/2014/10/15/poodle
https://xakep.ru/2014/12/09/poodle-tls

I'm not a troll this are screenshots and hystory of the thief
My account screenshot http://takebin.com/u/0FC2B0F46c
Here are esxamples of  screenshots of the deals
http://takebin.com/u/b388b2046f
http://takebin.com/u/1F62B33F07
http://takebin.com/u/a672126fAa
http://takebin.com/u/263275A427
Here is the full story in RTF of how the money was stolen
http://takebin.com/u/5141367820

You are being unreasonable. No one would bother hacking a email than a 40,000 USD account. The possibility of malware infection on your computer is high considered that theres no 2FA configured on your account. If it is a inside job, there would most likely be no trade of IP logins.

I don't personally think its someone making this up; but everything on here (whether from ranked members or new accounts) should be taken with a grain of salt until proven otherwise.

We should still, as a community, read what this person has said to offer advice etc--in this instance the original poster honestly believes that 2FA is pointless and does not want to be swayed the other way. Good for them.

No no, he was wrong because he didn't set up the 2FA but he was also unfortunately unlucky. The first thing that I do when I register in a site it is to check if "they" are using the 2FA , and then set up it.

Don't know if it's a troll or not but somebody lost a lot of money on Feb 6th on LTC/CNH market that is for sure.

Also makes me wonder how many of these strange flash crash & price spike incidents that are blamed on "fat finger" traders and bots gone haywire are really hacked accounts having their funds stolen through transactions.

Put up the sign.... "Do not feed the troll"

It's just another newbie account, claiming ...."My coins were stolen" !!! .......Anyone can post @#$% like that.

I would take this seriously when it's coming from a ranked member with a good reputation.

If it's real, and from a ranked member trying to hide his/her real identity... then I apologize in advance and says one word.... 2FA 

so op has 40k on btc-e without 2 factor auth?  anyone else feel like leaving your money to be stolen.  maybe a few bucks without 2fa but 40k?  i think not.  seems if it was an inside job they wouldnt need the email confirmation.

i really doubt op had that much in there.  but who knows.  anyways these exchanges are not to be trusted.

+1, I always open my g-email with 2FA although I have 100 USD or 10k USD there, the simple computer security knowledge is necessary. Very sad about this guy, hackers are becoming richer, damn!

you din’t set two factors authentication That's the point, why didn't set it?

Did u usually chat in the trollbox? All guys talk there will get phishing emails, I guess you were fooled by the phishing emails.

Read the thread fully. This is why I find the initial post to be misleading--nothing was theoretically stolen, just someone accessed this person's account and made unauthorized trades.

This is what turns some of clients off from creating 2fa on btc-e (https://btc-e.com/profile#security/2fa)


Its not even translated to english, funny for a site with so much daily trading volume

2FA enabled or GTFO.   

But really, can someone explain how this happened? 

BTC-e requires clicking a email confirmation link for withdrawals (even without 2FA).  And didn't the OP say his email was not compromised?  Or was it... 

Who here even believes that he was hacked 40k??

I do not believe him and if i did, i would laugh anyway i use 2fa on holdings on $500 on an exchange anyone that loses that amount without securing it takes full responsibility for being one of the stupidest people i have met on this forum/real life.

How do you feel knowing you're funds would have been safe had you took 2 minutes to enable 2fa?

If those money never left exchange due to AML rules, then the loss is small, not stolen

• From a legal standpoint I assume it would still be theft.
• From a literal standpoint, no money actually left his account--only unauthorized transactions took place.

Regardless of anyone's personal feelings the distinction between these two is vitally important is that he falls into the second category and is asking the exchange to reveal confidential information about other users of the service without a court order/warrant. The idea that any exchange or organisation would reveal such private information about its customers with no court order/warrant would basically never happen in a million years.

Even with a court order/warrant you're assuming that anyone who was "the other half" of his transactions is guilty and putting their privacy at stake--this is likely impossible to ascertain and sounds more like a matter for a legal investigation.

Should an exchange breach other user's privacy because some guy didn't bother to use 2FA? No, and if the answer was yes then no one would ever use that exchange ever again.

Personally I abhor people that steal or gain access to other users accounts and then proceed to do malicious things, I believe they should be persecuted to the fullest extent of the law. Having said that, in this instance the victim (i.e. the author of this thread) should realize how their naivety and laziness was likely the primary reason for their loss and also that no reputable organization on Earth would go about releasing information about other users in this same situation without a court order/warrant.

I strongly disagree with the title of this thread and the initial post as they are both greatly misleading to most readers who won't bother to be critical and will take it as face value (and no, I'm not associated with the exchange). I think the victim in this situation refuses to admit that their arrogance and naivety when it comes to security caused this issue and nothing else. If you have 40,000 USD on a website you should take security a lot more seriously.

It is also disheartening to see people learning about promising technologies like bitcoin etc while failing to adequately research basic account security. If anyone is reading this right now and has anything of worth stored on their exchange accounts, gmail/dropbox/banking websites and currently does not use 2FA I strongly urge you to start using it. It isn't some fantasia bullshit, it is the 6 digit code that stands between you accessing your account and some random on the internet being able to essentially rob you of 40k USD. Regardless of what anyone says about it being imperfect it still does a lot more to protect your accounts and private data than having nothing at all in place.

Bottom line:
Not having 2FA enabled = 40,000 USD mistake.

Wouldn't his BTC/Cash still be considered stolen? I mean if someone breaks into your house while your away and you only locked the one door lock, would it make it any less of a break in or explained as a 'unauthorized entry' because the home owner had a dead bolt and/or alarm system that he didn't use? Sure he had extra precautions he didn't utilized that may have prevented the break in, but it doesn't lessen the fact that someone still broken in to his house all the same, no?


As to the OP, you should defiantly enable 2FA if you haven't yet. Say your house gets broken into, you are basically using the argument "I didn't bother to lock my door because thieves could have just picked the lock anyway". Hopefully that puts it into a better perspective.

Very sorry for that loss though, I do hope you get some form of resolution from it

Its not any single point of failure that causes these situations.

Its a multitude of different problems (mostly attributed to people being lazy):
-not activating 2FA
-not activating logging features on their accounts
-sharing email addresses and/or passwords between accounts
-not running antivirus/malware scanner
-assuming your operating system is 100% immune to viruses or malware (dear mac users your operating system is not, has not and cannot be 100% immune to being compromised)
-sharing your computer with idiots
-installing stupid applications and/or opening stupid links
-assuming people you know won't steal your shit when it can never be traced back to them
-letting other people know how much money you have and where
-blindly trusting web-based wallets etc that aren't decentralized
-installing pirated software which can compromise your system
-using wifi, wireless keyboard/mice or stupid technology that could easily compromise your internet money (if you live in the jungle use wifi, if you live in a crowded urban area where anyone within 50 metres of you could sniff all your personal data then you're an idiot)
-keeping all your eggs in one basket; even if I was trading anything even remotely approaching 40,000 USD, let alone 1000 USD I would sure as shit not store it all on one exchange with no fucking 2FA.

You should not be storing 30 btc on a web wallet like blockchain. Period.
You should not be storing 40,000 USD worth of anything on any online account that doesn't have 2FA. Period.

Part of the responsibility does fall on this exchange for not requiring 2FA or not requiring authentication of transactions via email account, however the problem is that this user is basically incompetent (proven by the fact they refuse to believe 2FA is important) and they then go and write misleading statements regarding their account (no, your money wasn't actually stolen which is what prevents the exchange from helping you) and tries to brush off their own irresponsibility and laziness as not having attributed to the situation (if this user had 2FA enabled then I would be in no position to criticize as much).

thats an expensive lesson learned.. always use 2fa.

but even sometimes using 2fa incidents still occur, like the whole blockchain.info wallet madness a couple weeks back or a month ago.

people got like 30 btc stolen forwarded to other accounts etc.

thats a huge fuken loss.. but they had a history of missing deposits in the past. or honoring the deposits they get from other countries.

that sucks though that this could of been prevented if 2fa was setup..

I'd say more like 100% his fault. The best part is that because he didn't have 2FA enabled it is pretty much impossible to ascertain how much of his system/accounts are compromised. If he had bothered to use 2FA and this actually happened then he could be certain that 2FA was hacked (meaning his entire system is compromised).

Without 2FA he is going to have to get some scooby snacks and hire a crew of hippies to drive around the internet in a van looking for the criminal. Good luck with that.

At the end it is his fault at 99% , because he didn't set up the 2FA on his btc-e account. Now the unique way is to contact the support and his police station.

There is a trend here from 'hacked accounts' gambling site stole money cheated etc if they was true they would be very welcome but chances are they are not.

Always newbie accounts and that makes me take little no notice anymore, unlucky on losing that amount of money if i am wrong and you actually did however 'doubtful' but you deserved it keeping that amount of money on an exchange with no 2fa in the first place.

lol

BTW if you're still in doubt about 2FA you should check out the comments on the reddit post for this thread (someone submitted it to reddit):
http://www.reddit.com/r/Bitcoin/comments/2vv2ss/someones_complaining_on_bitcointalk_that_his_btce/

Almost all the comments mention the fact that you didn't use 2FA. You should be spending your time right now formatting your computer (or using another computer which is known to be clean) and then checking the security settings of all of your accounts.

If you really feel that 2FA is that stupid then so be it, it feels like you're impossible to reason with on this point. Don't let the fact that Google/Gmail, Facebook, Lastpass, Dropbox, Steam and dozens of other prominent websites rely and promote 2FA to help increase account security greatly change your mind.

A bitcoin exchange is not a bank. Bitcoin and cryptocurrency itself aren't defined as actual currency in most places.

On the topic of whose responsibility security is you should probably try to better familiarize yourself with the terms of services that you use when it comes to cryptocurrency:

source: BTC-E Terms & Conditions ( https://btc-e.com/page/1 )

Today is 2FA tomorrow is 4FA and so on. When I bring my money to bank they say to me what is modern and latest security! If my security measure was out of date they should warn me. Everybody should do what they are professionals in! I don't understand weather it is safe 2fA or not. But they are crypto exchange and they are professionals in it. If it is necessary to install it they should have warned me that my security is under threat

It's no better or worse than a wired connection.

You connection to whichever website you're visiting is due to HTTPS/SSL, not because you have a wire plugged into your computer. That's what public key cryptography is about, being able to exchange information along channels that other people can watch. If someone can break your security by watching your wifi connection, then public key cryptography is flawed. But, to the best of our knowledge, that's not the case yet.

Besides which, lets say you're connected to a site that's not secure. Supposing you live anywhere but a city with thousands of people around, do you think the greater risk to your security is going to be the kid who happens to be within snooping range of your wifi, or the dedicated hackers that are picking up the traffic flows to the insecure website you and hundreds or thousands of other people are visiting?

I've used wifi almost exclusively for 10 or maybe even 15 years now. I've traded stocks, bought mutual funds, filed taxes, bought and sold bitcoin litecoin prime coin, done all my online banking, though it, etc... From my house, from the coffeeshop, from the airport. Not a single penny has gone missing. What I do do is make sure that i'm connected to each site securely (look for the padlock... when in serious doubt, and this might be more of a stretch for some people, I've even SSH'ed to a free shell account just to double-check a keys fingerprint (usually at airports, honestly).

What the greater issue is, is how do you connect to things like your email? If you're connecting via port 110 (POP) or 143 (IMAP), your credentials, your emails themselves, everything, are being transmitted across the internet, through who knows how many routers that may or may not be up to date, all in clear text. And being that email access is how services authenticate us, that's the BIGGEST risk, right there, I think.

Sorry... I just think that the whole "don't use wifi, its not secure" thing is way overplayed...

You are to blame though, and if you think anyone else is or that anyone else's privacy should be compromised because you didn't take security seriously you are seriously deluded.

Why even bother with 1password if you don't even activate 2FA on an account that holds more than forty thousand USD?

Correct! That is the point! I think that they saw that I have a great amount an my account and took it and made me to be blame of not installing 2FA!
But if they know that not using it is not safe they should insist on using it!

I don't expect them to share the transactions or identity of the account, i just think it would be quite simple for BTC-E to work out the accounts which profited the most from the unauthorized transactions. perhaps monitor said accounts and maybe even suspend operation on those accounts. If btc-e put more effort into tracking the accounts of those who did things like this it would happen less often. they just let them continue though. I like btc-e, i do most of my trading there, but things like this piss me off, but so does people not using two factor authentication.

From what I understand the funds never left the user's account. As such, identifying people/persons who profited from these unauthorized transactions would require revealing other users transactions. This would constitute a major invasion of other user's privacy--this should not be investigated without a police/court order for very obvious reasons.

I sure as hell don't want my private transactions being shared with someone who didn't bother to use 2FA in the first place.

-Not having 2FA enabled = asking for money to be stolen - 2FA is safier probably (But there are cases when it is also hacked) if they don't demand  it How can I know what other security measures were done. I can't know about them I do my business they do there.  Safety of my money it is there business. All bitcoins is a question of trust! I chose to trust btc-e because I had to make such a choice otherwise I wouldn't earn my 40 K
-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen - Where to keep 40 - Where to keep 40 k in bitcoins considering that exchange rate of the bitcoin can make 20 % a day?
-Acting as if macs can't get viruses = asking for money to be stolen - It can but I've checked it has not!
-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen
-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc) - 2FA can be hacked as well as https if they mean that the password was stolen through that door, especially if an employee envolved.

My questions (please answer all of these so we can see what factors may have attributed to this situation):
-Were you using wifi? - Rarely most of the time I use private modem
-Were you using a wireless keyboard? - never
-What browser do you use? - tor over vpn
-Does anyone else use your computer? - no
-Do you share your wifi access with anyone else? - no
-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters. - of cause my passowrd is made by 1password
-Do you share the same password on ANY other service ANYWHERE - never

Yes I realized you and OP were separate but I asked because most people jump onto websites saying "oh no everything has been stolen" and then don't provide any information about the situation.

All we know about the original poster so far is that he didn't even have 2FA enabled, my other questions would help readers understand what other factors could have contributed to the unauthorized access of his account.

If people want to blame particular services/exchanges then that is their right, but in doing so they should at least present their side of the story in a transparent manner and let readers know all possible contributing factors to their situation before trying to point the finger at an "inside job". I believe they can answer all the questions I've asked without compromising their personal privacy too, so there is no excuse to not provide this basic information to us, it just serves as a detriment to people who may want to investigate security issues now or at any time in the future.

As a community we should also be noting down the shortcomings of particular exchanges--part of this relies on knowing the customers side of the story too.

If they did take every conceivable precaution (such as activating 2FA, running regular antivirus/malware scans etc etc) then I wouldn't even need to ask these questions. As it is, anyone who is reading this thread and doesn't have 2FA enabled for their accounts should be dedicating the next few minutes of their life to start using it.

btc-e must be able to see where the majority of those funds went. things like this piss me off, they continually refuse to work with customers in situations like this........

To be precise: I missinterpreted your question about wifi, im connected with the cable to my router, but can do wifi aswell. sorry
And no, I'm not OP so they can even steal my password of my wallet, there is 0 in it.

Thanks for the info. The same applies though, if you share the same username between services then it is relatively easy for someone to then find your email address and then expand from that to find other information about you.

Anyone that engages with you in a conversation and provides a link could gather your IP address from your visit to said link (depending on what website it is obviously) or install malware directly onto your PC.

It is a good practice to use a VPS when using these sites to mask your true IP address at all times.

btc-e doesn't allow email-address as a login.

Edit: and they lock your account after 3 failed login attempt. No way can an attacker guess your password using just 3 attempts. Unless it's "123456" or "password"

So its more a case of unauthorized trades rather than OP's claim that "40 000 USD was stolen".

I guess it serves as a great lesson on why bothering to learn about 2FA (which takes about 2-3 minutes) could save your account from unauthorized access. Just because a mobile can also be hacked it doesn't make it any less useful of a security feature.

Another question I have is what email address/username was used in this situation, is it one that is shared among other websites of the same nature or was it a unique email address that was never actually used for email purposes?

If your email address even shows up on a Google search that means it is vulnerable. You should have a unique, unknown, unused (besides verification and sign up) email address/username that is not listed on any search engine to maximize security. If you don't have a unique username then you should have a super common one that shows up everywhere.

Using wifi isn't the greatest idea when money is at stake.

btc-e does require email verification for withdrawals.  Which is why this is probably OPs funds being stolen:

Windows 7
Firefox
Yes
No
No, only me.
No
15 chars, it was a mix of latin word number and special chars.
No, that password was unique, at least for the email.

I'm still wondering why he requested password change of a game "Trion Worlds", of an empty cex.io account, and another account of stellarix(empty too) and all those passwords were differents.
Side Note, why he didn't asked to change passwords to my porn sites? maybe because they were all free accounts. 

Again if you're going to say your email address or any account was hacked please provide the following information:
-What operating system?
-What browser do you use?
-Were you using wifi?
-Were you using a wireless keyboard?
-Does anyone else use your computer (at ALL)?
-Do you share your wifi access with anyone else?
-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.
-Do you share the same password on ANY other service ANYWHERE?

Exactly--this should be common practice. 40k USD isn't exactly pocket change for most people.

There really should be a rating system for the various exchanges, what security measures they offer as well as a track record of their history (sort of like coinssource we need an exchangesource if such a thing exists)

Email confirmation of transactions/withdrawals will at the very least prove the exchange is extremely unlikely to involved in theft from accounts and would point at the user's computer being compromised (or similar).

and I'm still wondering how the hell they hacked into my email too.
The password I personally used was a complex one, but they still managed to enter and change it, and they even gone to my cex.io without issues and that password was one time used and they searched for any btc in it(luckily it was empty, I was only lurking there)
but still, they managed to reset some of many not bitcoin related websites/games password
But hell, I would never trust a website to hold 40K dollars, maybe only on my computer, inside a virtual machine.(If I break that virtual machine im damned to hell but, I would use that method.

Man this situation makes me sick to the stomach, hope your end up with some kind of result OP, no idea what you should do, BTC-e support is your only hope though.

Yes of course ,with the simple 2FA you have a "strong"  level of security but as you told also the  email for confirm the withdraw will add a much level of security.

However as I always said, you will should never keep your money in an exchange (for 1-2 days) -instead- you have to deposit > make the exchange and then withdraw all your "coins" to your personal wallet.

2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same.

Any service that runs without these basic features is just asking for money to be stolen.

They ought to investigate, I'm with you on this. I have an account with btc-e and I sincerely hope they didn't just tell him to f*ck off. At least not right away.

Before you go assuming your mac is perfect and your password alone is enough to protect you--it isn't. I've seen macs firsthand with viruses. Nowadays visiting a single website is enough to completely compromise your system.

My opinion:
-Not having 2FA enabled = asking for money to be stolen
-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen
-Acting as if macs can't get viruses = asking for money to be stolen
-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen
-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc)

My questions (please answer all of these so we can see what factors may have attributed to this situation):
-Were you using wifi?
-Were you using a wireless keyboard?
-What browser do you use?
-Does anyone else use your computer?
-Do you share your wifi access with anyone else?
-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.
-Do you share the same password on ANY other service ANYWHERE?

Regardless of you being slightly naive (my personal opinion anyway) with a lot of these, this service should still be assisting you (once they have identified you are the legitimate account holder).

few years back there was a security breach with liberty reserve deposits, allowing the attacker to  deposit fake usd in unlimited quantities,
attacker used funds to buy bitcoin and litecoin and then withdrew them, what btc-e did was to roll-back every transaction on btc-e to the state before the attack took place.

im not saying they should do the same now, but atleast they can investigate the theft, compare ip's used to login to his account and compare it to the ones that benefited the most out of trades.
its likely that the attacker used vpn, but maybe he didnt, maybe its just some skid that grabbed his login in some lame way, iwe seen alot of them over the years.
but to tell someone its their own faul and goodbye, well mister, you just lost some customers, presuming this story turns out to be true.

cheers

Oh thanks I've "skipped" that part, so it is also a fault of the OP. The 2FA *must* be active in each exchange/site when you are "depositing/saving" your money (it is a basically rules/concept).

To be fair it's pretty hard for them to do something. Just think about it, the stolen account has been selling his LTC for CNH, CNH price went up. A lot of people made something on it. I personally made about btc in the ensuing panic. I saw in the btc-e trollbox people boasting about making much more. The thieves could have had several accounts. How do you suppose to go after them?

It seams like they ditched him off, blaming him alone for the theft because he had no 2fa enabled, which is insane, atleast they could track down where the money went and allow him to fight for his money.
Their support is terrible, i can confirm, but never did i expect something like this to happen.
Presuming op is telling the whole truth ofc.

cheers

Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.

No fishing email pretending to be from btc-e lately?

I'm pretty sure btc-e doesn't have your password in cleartext, only hash of it. So even if someone can look at internal btc-e database, he can't deduce your password.
And their's SSL is standard, otherwise your browser would complain. I just checked, it's TLS 1.2

If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.

Confused a little bit here , from where you got this informations (that an account got hacked)  ? It wasen't your account , was it ?
EDIT : nvm I just read the last part

It was only btc-e account was hacked, email box was not hacked, so the thief just traded all my 40 K USD to his profit and to my loss. He changed  all my US dollars mostly to LTC, then sold LTC to CHG that’s the way how he did that. When contacting with BTC-E support and wanted them to investigate the situation they answered approximately the next:

“Hello, thank you for contacting btc-e support. We do investigation only when we have the official request from police (Police of what country they want???). We do all the possible to protect money of our clients. But you din’t set two factors authentication, that’s why we can’t be responsible for safety of your account. Thank you, feel fee to contact us”

So and other in the same style. You can blame only yourself, your computer full of viruses and you are poor victim of hackers and so on go f…k yourself.


Further more to look closer to the way how  it was done I suspect that somebody from the btc-e employees was involved or there SSL protocol is piece of shit and you can never be safe contacting btc-e.com. Also a history of the ip entrance gives a thought that the thief was exactly sure where he was doing,and how much money was there and that everything was ready for
 stealing and all that was done from the first connection, and  30 minutes!

The thief entered my account only one time at the time of the robbery, and there was 40 K. So everything was ready for the stealing. He bought LTC from all the sellers, then sold LTC for CNH. It was also the time chosen ideally for the robbery when the order line was minimal, in order to gain maximum, and fast.
To maximise his profit when selling my  dollars he should have also half of my money on his accounts.
My email box wasn’t hacked so if to suppose virus on my computer which let the hacker now my password so in that case he easily took my email password too because it was much easier and more profitable to withdraw money through email confirmation.
If not having virus on my mac (I’m experienced user, it is very rare situation having virus on mac, otherwise I should have installed it myself) that means that they have the big bug in there SSL protocol so that means that nobody is safe when connecting btc-e and that means that one day they announce as MTGOX did that we were hacked and all money was stolen
Even if I was fished, what is least probable because I’m experienced user, so in that case having my password the hacker should have entered once before the robbery time, to be sure how much money is there and to plan the operation and collect the resources.
The say that they need official request from the police! Isn’t it mockery is it? What country they need a police request? Cyprus? USA? Nigeria? Russia


 And the only conclusion I can make from that situation that they don’t want to investigate the situation because they understand that in that case they will find out that somebody of there employees is involved or there https connection has a big bug.