WARNING - Bittrex account got hacked, bitcoins stolen... at the wee hours at the morning.. A victims story..

in #hacked7 years ago (edited)

Hi all steemits,

This is my first time writing an article here in steemit to warn everyone about the my terrible experience of getting hacked from the trading site bittrex and how that if you account got hacked, you can't do anything about it..

Till now I had no response from bittrex yet.

I'll keep my story short. I'm an avid trader just like all of you and no, I did not click any phishing sites and entered my details in the phishing site. I HAVE 2FA authentication activated (it was in authy though) and my password was decently strong..

Reasons why I used authy. (If you lose or change your phone, your 2FA will be lost in google authenticator but in authy it still remains there, that's why I used authy)

Anyway I woke up in horror to find I only had 0.1 coins left in the early morning.

Anyway this is how a hack works..

1.login.jpg
1 - seems like the attacker nows my login times and purposely logged in at the week hours at 4am for this attack.

2. 2fa_ok.png
2 - attacker log and withdraw using 2FA.. success... WTF...

3.turn_off.png
3 - seems like 2 attackers logged in and transferred out the money.. He turns off notification on the settings.

4.monero.jpg
4 - hacker will sell all your coins and buy monero coins

5.transfer.jpg
5 - hacker transfers out his monero coins out in 3 seperate transfers..

and boom... within 10 minutes, my bitcoins was gone forever.

I'm just sharing this as an awareness to anyone that is using bittrex to be careful and don't put any large amount of coins in bittrex. Always take out your coins once it reaches your target reached.

To recap

  • I was using windows
  • I had 2FA authenticated (using authy)
  • My password was fairly strong
  • I didn't had api keys whitelisted or withdrawal whitelist on (please do this and have a vpn)
  • I didn't click any phishing sites and entered my details in

Simple security measures such as those implemented on coinbase per below could have prevented this hack

  • Email authorisation for new login
  • Delayed 72 hours withdrawal on every new login
  • Sms authorisation for withdrawal
  • Private (separate password) for large amount of withdrawals..

I know nothing I can do now, but to share my story as a victim and hope my story could save you from being a victim as well from bittrex or any exchanges.

And I know I'm not the only victim, but i speak out for the victims of bittrex. If you go to their facebook, you can see more victims asking for help on facebook with no avail.

0.png

1.png

2.png

3.png

4.png

5.png

6.png

7.png

Please share this to create awareness to everyone...

Sort:  

That's terrible I use bitfinex but I am going to have to change to bittrex soon because bitfinex is getting rid of US customers. I trade in mostly altcoins so coinbase isn't an option for me. I hate to hear this happened to you.

Congratulations @prozac88! You have received a personal award!

1 Year on Steemit
Click on the badge to view your Board of Honor.

Do not miss the last post from @steemitboard!


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

Congratulations @prozac88! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!

Coin Marketplace

STEEM 0.25
TRX 0.20
JST 0.035
BTC 93734.88
ETH 3431.34
USDT 1.00
SBD 3.49