Thread replies: 158
Thread images: 13
Thread images: 13
Anonymous
Bittrex hacked lost 30k 2017-08-26 07:21:09 Post No. 3213931
[Report] Image search: [Google]
Bittrex hacked lost 30k 2017-08-26 07:21:09 Post No. 3213931
[Report] Image search: [Google]
File: IMG_4982.jpg (172KB, 923x1078px) Image search:
[Google]
172KB, 923x1078px
Just lost $30k in assorted alts on Bittrex.
Had 2fa active. They came in and sold all my alts for btc then sold that for eth the used the eth to pump bitshares until the eth was gone.
Left me with $80
No clue how this happened.
Pic related: me looking at my wallets tonight.
>>
>he posted his api keys somewhere
I almost feel bad for you.
>>
>>3213937
Nah
>>
>>3213943
Do you have api keys? Because that's the only way this would have happened other than a phishing attack.
>>
>>3213949
I don't have api keys, and to my knowledge I didn't fall for a phishing attack.
>>
You got bittrex'd
>>
How strong was your PW? I have 20+ random characters.
>>
>>3213970
Explain.
>>
my ass you got hacked with 2fa active. you're just spreading FUD for some stupid reason. kys
>>
>>3213931
>Had 2fa active
nice bullshit story
>>
>>3213976
Darn strong. And I was using Authenticator.
>>
omg just lost 100k!
>>
>>3213976
I once read that the best password is three random words
>>
>>3213931
I told people not to use buttsex several months ago. There is a whole thread on bitcointalk about people getting their wallets cleaned out, YES, with 2fa ON.
>>
>>3213995
I bet they are using trading bots and shit
>>
>hodling my OMG and finally managed to stop checking the price every 10 minutes
>read this thread
>log into bittrex for the first time in a few weeks to make sure my OMG is safe
>now checking the price every 10 minutes again
die
>>
>>3213980
>my ass you got hacked with 2fa active. you're just spreading FUD for some stupid reason.
No
>kys
Contemplating it
>>
>>3213995
it's all fucking BS. if you are going to make the extraordinary claim that an account with 2fa has been hacked, you need to post proof.
>>
Look out for a keylogger.
>>
>>3213995
>>3214005
I posted it before, here it is:
https://bitcointalk.org/index.php?topic=1423584.0
Unless you think those accounts are connected with each other to fud against buttsex (which would make you an idiot - look at their history), there are big ongoing issues. OP did you have a legacy account? Those also seem to be hit more often. People in the thread had 2fa ON.
>>
>>3214015
Last post: August 17, 2017. first post - April 2016.
>>
>>3214002
If you are hodling why don't you have it on MEW instead of a shitty exchange? You won't even take advantage of the airdrop if it's not in a personal wallet.
>>
>>3214015
I had what Bittrex calls a "new" account even though it was over a year old. It's the most basic account you can have. And again, I did indeed have 2fa on.
>>
>>3213991
That's true I just started doing that and added a 10 digit number after it
>>
File: 1243412343.png (59KB, 654x507px) Image search:
[Google]
59KB, 654x507px
>>3214015
Just received this email yesterday from bittrex. I stopped using bittrex after they implemented stringent withdrawal limits. Glad I did.
>>
>>3214026
Feelsbadman, bittrex won't do shit for you. Try to connect with people in the thread, a theft has occured and its a crime not to be downplayed. You guys need to organize and get bittrex to own up to that shit, the platform is not as secure as they say it is, but of course they try to blame it on the users. I'm not gonna lie - holding that much crypto on an exchange wasn't too bright of you either.
>>
>>3214051
At this point I trust mercatox and cryptopia more that i trust bittrex. Still would never keep more than a couple hundo on them.
>>
File: gtpassword_strenh.png (91KB, 740x601px) Image search:
[Google]
91KB, 740x601px
>>3213991
>>
>>3213982
This.
It's impossible.
>>
>>3213931
You probably logged into "blttrex" instead of bittrex
>>
>>
TREXXED
>>
>>3214051
I knew I was playing with fire, but fuck.
>>
>>3214102
I only ever log in from a bookmark on my phone and a bookmark on my laptop.
Both are correct.
>>
>>3213931
Holy shit guys I just lost $69k on bittrex sell selll sell
>>
>>3214127
>log in from my phone
there it is
use only a pc which is absolutely clean
don't torrent on it
you should be good unless someone you know personally is IT savvy and wants to fuck with you
>>
>>3214127
you used 2fa? with goog authenticator and not sms?
something's not right with your story
>>
>>3214015
>post is about people without f2a that got hacked
Lol n1
ITT fudders/retards that fell for phishing
>>
>>321406991
>what is a dictionary attack
>>
GUYS WTF DID THEY DO TO OUR CRYPTO COINS? SHOULD WE CALL THE COPS?
>>
>>3214127
Then how the fuck did it happen? You fucked up somewhere, you are the weakest link, don't delude yourself
>>
PIC RELATED THAT WAS ALL MY TENDIE BUX
>>
>>3214015
I've read 20 random posts, all suckers with no 2fa on and thousands on their accts. Not gonna sift. Post proofs or stop larping.
>>
>>3214144
>you used 2fa? with goog authenticator and not sms?
correct
>>
>>3214144
obviously not telling the whole story. What stupid thing did you do, OP? It's ok we won't judge.
>>
>>3214170
do watch porn or visit any weird sites on your phone?
>>
It's always the same story and it's always bittrex. Either some exchange has a weird viral campaign or this shit is actually happening.
>>
have you rooted your phone, OP?
>>
>>3213931
What's this 2fa?
>>
>>3214181
Nofap
4ch and 8ch are as weird as I get.
>>
>>3214186
it's faggots wanting to take down the best exchange with rumors and whatnot. this is also a good way to make morons panic sell to get off bittrex.
>>
>>3214191
two factor authentification, you enter random numbers that respawn on your phone every few seconds
https://authy.com/blog/authy-vs-google-authenticator/
>>
File: IMG_4984.jpg (25KB, 325x325px) Image search:
[Google]
25KB, 325x325px
>>3214187
No...
>>
>>3213931
Do you use Microshit Windblows?
That's why.
>>
>>3214201
I don't get the motivation unless it's an exchange or the same guy just does it occasionally for lulz.
>>
>>3214212
All Mac applefaggotry here
>>
Post a screenshot of the trade history
>>
>>3214204
authy being able to sync across devices seems incredibly bad from a security perspective, i'll stick with google authenticator on a phone which i never connect to the internet and only charge via a wall outlet, thanks
>>
>>3214226
agreed. start posting proof, OP
>>
>>3214231
but then... you better back up every captcha code because if you lose your phone you lose a 100k accoun
>>
anyone that gets their shit stolen from bittrex is a literal mouth breathing monkey
there is an ip whitelist option where it makes it IMPOSSIBLE for anyone aside from the whitelisted ips to make any orders or withdraw money
>>
>>3214237
>writing down the private key to your 2fa is so hard
>>
>>3214243
alright, you win
just trying to help noobs
>>
>>3214237
you are a fucking moron if you don't take the time to securely back up those phrases and put significant amounts of cash into such accounts
>>
I took a picture of the api key and uploaded it to gmail, is it safe or should I write it down and delete it?
>>
You could make your password "10" and you wouldn't get hacked with 2fa on. Fuck off.
>>
File: IMG_4986.jpg (114KB, 699x907px) Image search:
[Google]
114KB, 699x907px
>>3214226
>>3214233
Me getting cleaned
>>
>>3214240
Sometimes the right time to buy and sell happens when you're wagecucking.
>>
>>3214253
fucking hell m8, why would you do that? you should always store that which you can store offline, (ie on a piece of paper) offline. No wonder so many people lose so much fucking money on this website not taking security seriously.
jesus fucking christ
>>
>>3214264
pretty good buys on bitshares. how do we know you're not just stocking up for the next big moon mission?
>>
>>3214253
you fucked up already btw this way, detach your authenticator and attach a new one with a new key and write that key down and don't store it fucking online, moron
>>
>>3214273
Lol
>>
>>3214269
What do you think is more likely. Google getting hacked and a hacker finding your shit amidst a fuckload of other shit, or your dumbass forgetting/losing the keys?
>>
>>3214286
if you aren't able to secure your own stuff you shouldn't be in crypto in the first place, it's literally what crypto is designed for
>>
>>
Why didn't they just take the money?
>>
>>3214300
they did, by filling their own buy orders obv
>>
>>3214296
No, because your hard drive is far more likely to fail than a hacker accessing your gmail account.
>>
>>3214306
offline being a piece of paper or anything air gapped from a pc obv or a cryptosteel or something
>>
Why not store your keys in a dedicated USB stick with keepass?
>>
>>3214319
Easily lost, forgotten about, wife/mom/sibling throws it away by mistake etc..
>>
>>3214240
if they can hack your 2fa cant they just change that setting too?
>>
There's something you're not telling us OP. It's impossible to hack an account with 2FA even if you know the password. Do you live with other people? Could it have been your roommate or something like that?
>>
>>3213982
kys
>>
>>3214328
>he doesn't have a dedicated fireproof safe for his crypto stuff
>>
File: 39479133719239939.png (10KB, 165x183px) Image search:
[Google]
10KB, 165x183px
>store 2fa keys online
could be hacked
>store 2fa keys on hard drive
hard drive fails
>write 2fa keys on paper
paper is destroyed, house fire, etc
>store 2fa keys on engraved metal
metalworker knows your keys, keys change, etc
>memorize keys
forget keys, kys autist
any other options?
>>
>>3214328
as i said, assuming you can securely store it
but go ahead store all of your shit online
>>
>>3214341
taint tattoo
>>
>>
>>3214341
Engrave the metal yourself, dummy.
>>
>>3214358
well than, sell all of it and never look back
>>
>>3213931
Dubious. Why did you keep your coins on the exchange?!
>>
all these dummies storing their crypto on exchanges
>>
>>3214358
>splendid, now the escorts get my keys
If they ask just tell them you were in a concentration camp. Escorts are stupid.
>>
File: 1503612285700.jpg (56KB, 960x928px) Image search:
[Google]
56KB, 960x928px
>>3214372
no metal engraving equipment
>>
>>3214398
>salt water
>battery
>>
>>3214204
So the only way they could have got on is if they trace this phone to his account and hacked his phone. I would say Hop was probably visiting a RedTube. $30,000 is definitely worth their time.
>>
>>3214398
>he didn't make enough gains to afford a metal workshop
>>
Did you contact support? They can't drain their your coin that badly by just buying bit shares. You are full of it
>>
File: 64743379059005.png (33KB, 137x163px) Image search:
[Google]
33KB, 137x163px
>>3214409
first halfway decent idea
>>3214397
would it be more believable if I took a sharp stick and scratched my key into my armpit?
>>
Bit shares price has t changed much. In order to drain your account hat way it should have gone to 1000% or so and then come down. That didn't happen
>>
>>3214449
Heals over time m8
>>
>>3214097
How is it impossible? Don't post if you have no idea.
>>
>>3214026
If you had the most basic account, you can't even properly withdraw bitcoin...
>>
I have my keys stored in a debian VM that I've backed up to two different encrypted external hard drives, and on google drive with 2fa on.
>>
>>
File: 1442164348784.gif (60KB, 499x499px) Image search:
[Google]
60KB, 499x499px
>>3213931
You must have logged into a non official bittrex site OR used a false third party app.
DAILY REMINDER THERE IS NO BITTREX APP FOR ANDROID OR IOS.
1. Use adblock and favourite the official bittrex site
2. Ensure https protocol and check that ssl signature is bittrex
3. Use 2FA
4. NEVER EVER EVER use 3rd party apps
>>
>>3214139
honestly even if you have a virus but use an antikey logger you should be fine. Antilogger free is good
>>
Facts:
- Topics about Bittrex "hacks" have been happening regularly for over a year, on various places. On /biz/ alone we get these topics on a monthly basis.
- Accounts targeted have a few thousands to low dozens. They are always cleared out with the hacker buying another alt.
- Accounts targeted tend to lack 2FA, but there are a few reports of accounts with 2FA being hacked.
It's overwhelmingly likely a Bittrex insider embezzles just enough money from random accounts to not trigger a widespread pitchfork campaign against Bittrex. The idea of a FUD campaign or a stupid OP is tempting to those of us with coins on the platform (we want to believe we're making rational choices in staying there), but the length of time this has been happening for as well as the variety of victims makes this unlikely.
>>
>>3214684
Its not that unlikely either. In other industries this happens as well.
People have been complaining about GoDaddy domains being transfered to China for example. Which would only be possible with an insider.
If something is worth money you will have attackers.
>>
I come from a network security background and can tell you right now 2FA is a meme and will increase your chances getting hacked due to several factors. Just use a strong random generated password (I use 32 characters which will never get bypassed even without captcha unless whole database gets hacked somehow). Just store it in a word/text file with a backup or trustworthy password manager.
>>
>>3214127
Did you use public wifi?
>>
>>3214792
how does it increase your chances of getting hacked if you are using an auth app?
>>
>>3213931
You need some ETH?
Post address, anon :)
>>
>>3214061
Cryptopia is also scammy yobit tier website. But you probably know that. Remember though their admins are Muslims who behave like 15 year olds so if you ever run in a problem you're on your own
>>
>>3214240
Outside America there is a thing called dynamic ip
>>
>>3214801
The main issue would be if an online TOTP auth (e.g. Google Authenticator)'s account were compromised. This is why you should use offline apps like FreeOTP & a password manager like Keepass 2.
The other stuff is him talking out his ass because apparently full database leaks never happen on shitty PHP infrastructures? Idk, he's stupid and full of shit, especially since he's telling people to store things plaintext when the next major attack vector is malware scanning the disk / clipboard for wallets & credentials
>>
>>3214264
Those are some good trades man
>>
>>3214201
Could also be rival exchanges paying shills to say shit about bittrex
>>
>>3214231
If your going to do that, might as well have a Linux distro on USB and boot from that. No chance of being hacked
>>
Daily reminder that everyone who makes these threads is either a polo shill or a retard who fell for phishing scams.
Sage & report. Bittrex is the best exchange out there and has always been.
>>
Exchanges always get hacked
People using exchanges always get hacked
airgaped pc cold wallet only way to trade. never let a exchange hold your coins
>>
IMPOSSIBILE!
YOU GOTTA HAVE A STRONG PASSWORD LIKE MINE: FUCK YOURSELF
>>
File: 1483891679156.jpg (115KB, 727x639px) Image search:
[Google]
115KB, 727x639px
>>3213931
>storing $30k on a chinese child labour factory
Kek you had it coming
>>
>>3213931
Nice! Just bought 100K
>>
WHERE IS THE FUCKNG COBSENSUS ON THIS9
>>
Dude literally same exact thing happened to me last month, lost 4 btc. Had 2fa enabled and never once used API or activated it.
Felt fuckin bad man.
>>
>I really got hacked
>believe me
>what, post the order history? no! you'll use that to hack me!
>>
>>
How do i get my keys for 2fa on buttrex
>>
Same happend on kraken. They sold 750 eth to zcash and transfered it away. This happend 1 year ago
>>
>>3214341
Zip all keys with a strong password backup in 3 usb drives put in 3 different places
>>
>>3215265
Mein gott a lot of clueless RETARDS here calling others stupid. I suppose its too much to ask of people TO KNOW WHAT THEY ARE TALKING ABOUT and ACT NICE but hurrdurr LET'S BE IDIOTS & IGNORAMUSES and call others idiots out of our own ignorance because that's the 4chan way, r-right guise? <- newfags. Polo has even had a specific 2fa exploit that only works if the user uses 2fa, so youre actually less secure with 2fa... Bittrex has had these things happening for aeons.
>>
>>3214438
kek
>>
>>3214398
Go to walmart and use one of those automated pet tag kiosks
>>
File: 1503190105977.gif (1MB, 500x281px) Image search:
[Google]
1MB, 500x281px
>>3214069
dictionary bruteforce?
>>
>>3216108
Yes, that's exactly why you don't use dictionary words. Retards just look at the difficulty in terms of the number of bits, but in reality you just reduced it to a combination of 4 words from ~3000 common english words which is trivial to crack. Capitalization and obvious substitutions don't add much to the difficulty, either.
And of course you get more idiots saying "you're not going to pound a server with billions of password attempts", who don't realize that these attacks involve first gaining unauthorized access to the server, cloning the database, then brute forcing the encrypted accounts locally where you have all the time in the world. Most ITfags are too incompetent to even realize their server was ever compromised.
>>
File: oh daddy don't! not in public!.jpg (58KB, 556x493px) Image search:
[Google]
58KB, 556x493px
>>3213931
Unless you have 300K in cryptocurrency, there shouldn't be a reason for you to keep 30K on an exchange, also buy a netbook they are cheap as fuck, install ubuntu & keepassx (generate 24 char password for each exchange, sms verification for the gmail that you use on exchanges) and do your trades there.
Use electrum and offline myetherwallet.com on ubuntu for cold storage.
Easy 10/10 security.
>>
>>3213931
Probably got into a phishing site, and you are unaware of what you did. Bittrex recently sent an email announcement about the rise of phishing sites masking the official Bittrex site.
>>
nice just lost 100k
>>
>>3216754
kek
>>
This has me scared :/
>>
>>3213931
get fucked
>>
>>3213931
If this did actually happen. why haven't you looked at your login history under your account?
>>
>>3214003
what did you download recently?
post your btrx history, I dont believe you if you didn't download/go to shifty sites recently
>>
>>3216264
I find it really hard to believe that a combination of four random words as password is easy to crack, even if they are common english words, and the cracker has all the time in the world. Unless of course his bruteforce program is designed with those type of passwords in mind...
>>
>>
I use KeePass to generate random 20 char passwords.
I'm safe right?
>>
just changed my password to 50 random characters
>>
>>3217928
I only know the very basics of programming, but I think I understand now. A key element to password cracking is reverse cryptography, I never knew.
>>
>>3213931
Are you black?
>>
>>3214792
>I come from a network security background
>Just store it in a word/text file
something tells me you got fired
>>
>>3216264
retards thinks there is any other way of measuring security than the number of bits of entropy. 4 words have 44 bits of ENTROPY (which is not enough btw), it doensn't matter if you have the exact set of words used, in fact that's the best possible scenario.
>>
>>3214792
>I come from a network security background
>Just store it in a word/text file
Thread posts: 158
Thread images: 13
Thread images: 13