Hacked on Bittrex

Thread replies: 110
Thread images: 3

File: IMG_7163.png (66KB, 1334x750px)
Last night I was hacked on Bittrex
Someone exchanged my 0.8 btc to Yen and just destroyed all the coins
Just a warning to activate the 2f authentication

12SZmXqr7ZZNBRpaCwuKbDZ6shejDZ8Gni
>>
>>2523755
Just did, friend. Appreciate the advice.
>>
how easy was your password?
>>
Please activate 2FA and email confirmation for withdraw.
>>
>>2523755
>not have 2fa

Why Anon? It's free FFS

I hope you learned from this, the more security the better.
>>
Probably too easy very dumb
Account is now disabled but I think Bittrex can't do anything about it cash is gone
>>
you bet I learned the hard way
>>
password123
>>
>>2523755
>tfw storing 6 btc on the exchange
yeah enabling right now...
even though I use this password nowhere else (randomly generated 50+ char)
>>
>>2523755
i activated it yesterday thinking it will give me higher withdrawal limits, it didn't but extra security is good too.
>>
>>2523755
>Dude
>ID: DuEwdh
I fully endorse The Dude here, anyone not using 2FA is setting themselves up for disaster.
>>
Yep gonna start over the right way
>>
I use 2FA, what else can i do? Is 2fa enough? how do i enable that email upon withdrawal? on other exchange i used that was already enabled on signup
>>
yep i set up 2FA for everything since i got hacked on PSN learned my lesson a year ago.
>>
is this a good password? : ▼__¼a@#1nkjaf1241@E
>>
>>2523755
I too was hacked and lost 23.7 ETH, literally was about to buy my dad a fucking grill for fathers day with some of that.

>Tfw it might be your dads last father's day.
fuck bros.
>>
>>2524040
>he doesn't have a password that's over 50 characters
>girls laughing.jpg
>>
>>2524055
wtf? how is this happening so often. what was your password?
>>
>>2524040
nope, needs to be longer with lots of smiley faces and sad faces. Here's an example:
5:)GX:(Rw6J:)cRc:(Ub:)G:)J:)a:(67:)3t:(2
>>
>>2524059
damn are u fken serious? do you just copy and paste at that point?
>>
>>2524065
It was fucking 16 characters long bro.
>>
>>2524085
did you use the same password for anything else?
>>
>>2524094
No dude, I genuinely thought I was being smart. I didn't even know bittrex had 2 step.
>>
i thought you had to confirm on email?
>>
What kinda passwords are you even using?
You do realise your password is the one thing separating thieves from your money.. right?
>>
>>2524102
damn, looks like a lot of people without 2fa are getting hacked
>>
>>2524102
did you get phished somehow?
>>
>>2524112
Password doesn't matter. Hackers don't guess passwords...
>>
>>2524116
I guess so.
>>2524119
Idk dude, I literally have no clue what happened all I know is I lost all my shit.
>>
>>2524074
yes.
>>
>>2523755
>12SZmXqr7ZZNBRpaCwuKbDZ6shejDZ8Gni
what did he mean by this?
>>
So I'm not versed with computers, assuming people have a remotely unique password, how do hackers get around them? Keyloggers?
>>
Yes it was a password I also use for other sites just very dumb of me
>>
>>2524125
have you downloaded anything recently. especially anything posted here? someone dl'd something with a keylogger posted recently on biz.
>>
>>2524150
>downloading stuff you find on links from 4chan
kek

Are you done interrogating me now?
>>
Nope but I use Bittrex at my workplace on my iPhone and at home
>>
use a password generator

use a 100char password

enable 2fa. make sure your email account also has a DIFFERENT 100char password and 2fa to a different phone if you can. do this and you'll be fine
>>
File: jetprotect.jpg (38KB, 770x433px)
>>2524059
>>2524040
Password strength past 10+ characters is a meme. Your account is far more likely to get compromised because companies like Sony like to store user information in plaintext. Even properly stored passwords get cracked into rainbow tables. Hackers simply cross-reference results to other services and attempt to login with the same details, and it works because people reuse them. Use multiple emails and multiple passwords. Also 2FA when available. Secure your system, learn 2 opsec and dont be retarded.
>>
>>2524159
i just don't believe it was brute forced.
>>
>>2523755
What happened if you loose or broke your cellphone? Can you remove the 2f authentication?
>>
>>2523800
abc123
>>
how secure is google authenticator?
>>
>>2524253
what happen*

Anyway thanks, just did it.
>>
>>2523755
great and I don't have a smartphone.
What nou?
>>
>>2524349
best to keep your coins in desktop wallets then
>>
>>2524349
Buy one amok, even if it's a super cheap android one plus you will always be aware if someone logs.
>>
>>2524444
checked.
and yes, I think I'd better do that. T.hanks
>>
All my passwords are 20 characters long minimum and I use 2 factor for all exchanges
>>
>>2523755
fucking hell OP same here. 0.2 btc gone

1GDdfvSuFxnLMMf8k3JU8tUb3VdJKzr6a4
>>
>>2524349
run an authenticator in an android emulator
>>
>>2524478
kek fuck off dude.
>>
>>2524192
This

Nobody is trying to guess your password, they're just grabbing it from the servers it's stored on and using it.

OP probably got something else hacked and then had the same username and password for everything.
>>
>>2524181
yeah no one here will do that. think simple nigger
>>
>>2524515
Why wouldn't you? There's password managers
>>
Same happened to me and my cousin about 3 weeks ago. Lost about 4 btc worth between us on bittrex.
Didn't have 2fa either. I made a thread on this too and quite a few people lost theirs too in the same way so seems it's a common problem for those without 2fa.

Tbh i think its internal and a staff member is doing it
>>
>>2524554
>Tbh i think its internal and a staff member is doing it
that would make the most sense to me.
>>
>>2524554
>Tbh i think its internal and a staff member is doing it

This is EXTREMELY likely.

I've seen several of these threads on 4chan over the past few months. A Google search will also bring you to similar topics on Bitcointalk.

The hacks always use the same methodology, trading for shitcoins. They affect only a few people with balances in the 0-10 BTC range, and are constant in time.

You don't hear about Poloniex, Liqui, or even fucking Yobit hacked this way. It's always Bittrex and only Bittrex.

Everything fits the MO of an employee keeping it low profile so the people affected have no recourse.
>>
>>2524159
>>downloading stuff you find on links from 4chan
Well there's some good porn sometimes
>>
>>2524055
you should have been nicer to your mother Dan
>>
guest

password
>>
>>2525350
Holy fuck. Can we fucking email them and get this resolved..or some shit. I know it sounds useless but still this is fucked up
>>
>>2525427
Perhaps we should start a FUD campaign on social media. No misallegations, just pointing out these hacking patterns. All these exchanges are notoriously lacking in support... Until you hit their good name in public.
>>
>>2525350
>>2524562
Why would you think it was an employee? World of Warcraft accounts without 2FA were getting hacked a decade ago, you're telling me that Xi and Pajeet wouldn't target other shit that's just as insecure but worth significantly more?

If other exchanges don't suffer from this shit then I'd assume that Bittrex, being located in Seattle, is too liberal to IP block 3rd world scammers.
>>
>>2525495
Hacking is not so easy and hackers would go for the whales not 0.3 BTC if they managed to hack the Bittrex server.
>>
Just did the 2fa, thanks fellas. I'm too poor to rob but that might not always be true. I think I had a whole eth on bittrex once.
>>
>>2525540
Pajeet doesn't know how much an account is worth until he's in it. Pajeet feels no shame in spending your last .01 btc on curry. Whales take the extra minute to secure their 20 btc accounts.
>>
You should enable the address whitelist. That way they can only withdraw coins to the wallet you want.
>>
>>2525495
You could be right, but either way, something in their security practices must be lacking for these hacks to be so specific to Bittrex.
>>
>>2525383
names not dan bro
>>
>>2525569
This wouldn't help. The usual pattern: hacker sells all your coins on a low volume shitcoin (which he's likely the owner of).

This should make it super easy for Bittrex to trace back the hacks through transactions, should they actually want to do something about it...
>>
>>2525592
I see. Well I'm using 2FA (Google auth), is that enough?
>>
this is likely internal because google image capcha is bypassed for password guessing
>>
Good thing i used shapeshift instead of bittrex today.
Also i pull all my coins off bittrex when my trade is done.

Bittrex limits it to $3k USD worth of withdrawals every 24 hrs.
>>
>>2525730
>shapeshift
This site is such a ripoff though.
>>
>>2525735
Yea I know. But the .01 withdrawal fee of bittrex is crap too, since i won't leave my coins on the exchange.
>>
>>2525735
Paying for the convenience
>>
>>2525569
An IP whitelist and 2fa are the best way to go imo
>>
>>2524133
That's his password
>>
>>2525730
LOL get fucked by fees.
>>
Hey dumb phoners. This chrome extension can set up 2fa on your browser.
>GAuth Authenticator
>>
>>2525830
>GAuth Authenticator
Also this https://authy.com/features/multiple-devices/
>>
>>2525821
>fucked by fees
Miner fee with shapeshift was .01 which was the same as bittrex withdrawal fee. And I don't have to worry about bittrex 3k daily withdrawal limit, or getting my coins stolen.
>>
>>2523914
2FA is enough if it's with google auth or authy
>>
File: 5bc7YIf.jpg (21KB, 670x319px)
>>2525730
>t. newfag
>>
>>2525940
It's the exchange rates that gets you.
>>
>>2524055
>>2524085
>had thousands of dollars on an exchange and didn't even look into security options

If your dad dies, it's more than likely because he realized his child is a fucking retard
>>
>>2525980
harsh man
>>
>>2523755
>Use unique passwords
>2FA on every exchange and MAIL
If you don't do this, you are an idiot
>>
>>2525972
I'm looking at my rate. I paid .00839 ETH per ANT. On Bittrex it's around the same range when I bought it. So I don't think it's a big issue unless I'm trading.

I'm buying and holding.
>>
>>2525980
Thanks man, I'll keep that in mind. I learned my lesson.
>>
>>2525986
it's really the reality of it though. what's harsh is the fact that this is happening to hundreds of people a day because they're too dumb to understand their shit isn't even close to being safe on an exchange and you're just feeding some fucking backwoods Russian or Chinese man and helping him pay for his next sex doll
>>
>>2526034
That's true but the dad thing was kinda dick. Just saying.
>>
>>2526042
fuck right off
>>
>>2526049
nah
>>
>>>2526046
>>
>>2525540
Whales have 2fa activated and the highest opsec. If u got over 100k in crypto you better have some security
>>
>>2526059
That's why I use Authy, fuck GAuth
>>
So how exactly does 2fa stop a crooked website employee from getting at your cookies? The website shows you a screen that has the code on it. Wouldn't the employee have access to the code? In this particular case, I could see the person only choosing clients without the 2fa to steal from, so there's a reasonable case to be made for an outside party, like a keylogger on the client's device for example.
>>
>>2524267
Reliably secure, unless someone else has access to your device with your google account.
>>
>>2523826
well, what was it? not like you're going to use it again and we might as well laugh at you
>>
>>2526447
>Wouldn't the employee have access to the code?

no.
>>
I just activated 2FA. You just need to install Google Authenticator from the PlayStore, scan a qr code on Bittrex, backup your secret key and confirm an email from bittrex.
You don't have to reveal your mobile number. It just takes 2 minutes.
>>
I don't get how they managed to withdraw the BTC from your Bittrex account since Bittrex sends an email to confirm the withdrawal, so they must have had access to your Bittrex and email account to withdraw.
>>
Setup keepass and 2fa, use different randomly generated passwords for any service you use
>>
>>2527486
im not sure if its like it is on polo, but if you enable api access you can withdraw without email confirmation through api.
>>
>>2527486
they go on a low volume market and use your coins to go full "sell high buy low " into their own walls
>>
2FA, withdrawal whitelist and ip whitelist.
Always logout when you leave pc.
>>
>>2527520
Okay, now that is smart
>>
You've being stroke by a smooth haxors
>>
Can OP please explain further what in his opinion caused the hack?
did you get malware on your PC?


This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.