Hacked on Bittrex

Last night I was hacked on Bittrex
Someone exchanged my 0.8 btc to Yen and just destroyed all the coins
Just a warning to activate the 2f authentication

12SZmXqr7ZZNBRpaCwuKbDZ6shejDZ8Gni

Just did, friend. Appreciate the advice.

how easy was your password?

Please activate 2FA and email confirmation for withdrawal.

>not have 2fa

Why user? It's free FFS

I hope you learned from this, the more security the better.

Probably too easy very dumb
Account is now disabled but I think Bittrex can't do anything about it cash is gone

you bet I learned the hard way

password123

>tfw storing 6 btc on the exchange
yeah enabling right now...
even though I use this password nowhere else (randomly generated 50+ char)

i activated it yesterday thinking it will give me higher withdrawal limits, it didn't but extra security is good too.

>Dude
>ID: DuEwdh
I fully endorse The Dude here, anyone not using 2FA is setting themselves up for disaster.

Yep gonna start over the right way

I use 2FA, what else can i do? Is 2fa enough? how do i enable that email upon withdrawal? on other exchange i used that was already enabled on signup

yep i set up 2FA for everything since i got hacked on PSN learned my lesson a year ago.

is this a good password? : ▼__¼a@#1nkjaf1241@E

I too was hacked and lost 23.7 ETH, literally was about to buy my dad a fucking grill for fathers day with some of that.

>Tfw it might be your dads last father's day.
fuck bros.

>he doesn't have a password that's over 50 characters
>girls laughing.jpg

wtf? how is this happening so often. what was your password?

nope, needs to be longer with lots of smiley faces and sad faces. Here's an example:
5:)GX:(Rw6J:)cRc:(Ub:)G:)J:)a:(67:)3t:(2

damn are u fken serious? do you just copy and paste at that point?

It was fucking 16 characters long bro.

did you use the same password for anything else?

No dude, I genuinely thought I was being smart. I didn't even know bittrex had 2 step.

i thought you had to confirm on email?

What kinda passwords are you even using?
You do realise your password is the one thing separating thieves from your money.. right?

damn, looks like a lot of people without 2fa are getting hacked

did you get phished somehow?

Password doesn't matter. Hackers don't guess passwords...

I guess so.
Idk dude, I literally have no clue what happened all I know is I lost all my shit.

yes.

>12SZmXqr7ZZNBRpaCwuKbDZ6shejDZ8Gni
what did he mean by this?

So I'm not versed with computers, assuming people have a remotely unique password, how do hackers get around them? Keyloggers?

Yes it was a password I also use for other sites just very dumb of me

have you downloaded anything recently. especially anything posted here? someone dl'd something with a keylogger posted recently on biz.

>downloading stuff you find on links from Veeky Forums
kek

Are you done interrogating me now?

Nope but I use Bittrex at my workplace on my iPhone and at home

use a password generator

use a 100char password

enable 2fa. make sure your email account also has a DIFFERENT 100char password and 2fa to a different phone if you can. do this and you'll be fine

Password strength past 10+ characters is a meme. Your account is far more likely to get compromised because companies like Sony like to store user information in plaintext. Even properly stored passwords get cracked into rainbow tables. Hackers simply cross-reference results to other services and attempt to login with the same details, and it works because people reuse them. Use multiple emails and multiple passwords. Also 2FA when available. Secure your system, learn 2 opsec and dont be retarded.

i just don't believe it was brute forced.

What happened if you lose or broke your cellphone? Can you remove the 2f authentication?

abc123

how secure is google authenticator?

what happen*

Anyway thanks, just did it.

great and I don't have a smartphone.
What nou?

best to keep your coins in desktop wallets then

Buy one amok, even if it's a super cheap android one plus you will always be aware if someone logs.

checked.
and yes, I think I'd better do that. T.hanks

All my passwords are 20 characters long minimum and I use 2 factor for all exchanges

fucking hell OP same here. 0.2 btc gone

1GDdfvSuFxnLMMf8k3JU8tUb3VdJKzr6a4

run an authenticator in an android emulator

kek fuck off dude.

This

Nobody is trying to guess your password, theyre just grabbing it from the servers it's stored on and using it.

OP probably got something else hacked and then had the same username and password for everything.

yeah no one here will do that. think simple nigger

Why wouldn't you? There's password managers

Same happened to me and my cousin about 3 weeks ago. Lost about 4 btc worth between us on bittrex.
Didn't have 2fa either. I made a thread on this too and quite a few people lost theirs too in the same way so seems it's a common problem for those without 2fa.

Tbh i think its internal and a staff member is doing it

>Tbh i think its internal and a staff member is doing it
that would make the most sense to me.

>Tbh i think its internal and a staff member is doing it

This is EXTREMELY likely.

I've seen several of these threads on Veeky Forums over the past few months. A Google search will also bring you to similar topics on Bitcointalk.

The hacks always use the same methodology, trading for shitcoins. They affect only a few people with balances in the 0-10 BTC range, and are constant in time.

You don't hear about Poloniex, Liqui, or even fucking Yobit hacked this way. It's always Bittrex and only Bittrex.

Everything fits the MO of an employee keeping it low profile so the people affected have no recourse.

>>downloading stuff you find on links from Veeky Forums
Well there's some good porn sometimes

you should have been nicer to your mother Dan

guest

password

Holy fuck. Can we fucking email them and get this resolved..or some shit. I know it sounds useless but still this is fucked up

Perhaps we should start a FUD campaign on social media. No misallegations, just pointing out these hacking patterns. All these exchanges are notoriously lacking in support... Until you hit their good name in public.

Why would you think it was an employee? World of Warcraft accounts without 2FA were getting hacked a decade ago, you're telling me that Xi and Pajeet wouldn't target other shit that's just as insecure but worth significantly more?

If other exchanges don't suffer from this shit then I'd assume that Bittrex, being located in Seattle, is too liberal to IP block 3rd world scammers.

Hacking is not so easy and hackers would go for the whales not 0.3 BTC if they managed to hack the Bittrex server.

Just did the 2fa, thanks fellas. I'm too poor to rob but that might not always be true. I think I had a whole eth on bittrex once.

Pajeet doesn't know how much an account is worth until he's in it. Pajeet feels no shame in spending your last .01 btc on curry. Whales take the extra minute to secure their 20 btc accounts.

You should enable the address whitelist. That way they can only withdraw coins to the wallet you want.

You could be right, but either way, something in their security practices must be lacking for these hacks to be so specific to Bittrex.

names not dan bro

This wouldn't help. The usual pattern: hacker sells all your coins on a low volume shitcoin (which he's likely the owner of).

This should make it super easy for Bittrex to trace back the hacks through transactions, should they actually want to do something about it...

I see. Well I'm using 2FA (Google auth), is that enough?

this is likely internal because google image captcha is bypassed for password guessing

Good thing i used shapeshift instead of bittrex today.
Also i pull all my coins off bittrex when my trade is done.

Bittrex limits it to $3k USD worth of withdrawals every 24 hrs.

>shapeshift
This site is such a ripoff though.

Yea I know. But the .01 withdrawal fee of bittrex is crap too, since i won't leave my coins on the exchange.

Paying for the convenience

An IP whitelist and 2fa are the best way to go imo

That's his password

LOL get fucked by fees.

Hey dumb phoners. This chrome extension can set up 2fa on your browser.
>GAuth Authenticator

>GAuth Authenticator
Also this authy.com/features/multiple-devices/

>fucked by fees
Miner fee with shapeshift was .01 which was the same as bittrex withdrawal fee. And I don't have to worry about bittrex 3k daily withdrawal limit, or getting my coins stolen.

2FA is enough if it's with google auth or authy

>t. newfag

It's the exchange rates that gets you.

>had thousands of dollars on an exchange and didn't even look into security options

If your dad dies, it's more than likely because he realized his child is a fucking retard

harsh man

>Use unique passwords
>2FA on every exchange and MAIL
If you don't do this, you are an idiot

I'm looking at my rate. I paid .00839 ETH per ANT. On Bittrex it's around the same range when I bought it. So I don't think it's a big issue unless I'm trading.

I'm buying and holding.

Thanks man, I'll keep that in mind. I learned my lesson.

it's really the reality of it though. what's harsh is the fact that this is happening to hundreds of people a day because they're too dumb to understand their shit isn't even close to being safe on an exchange and you're just feeding some fucking backwoods Russian or Chinese man and helping him pay for his next sex doll

That's true but the dad thing was kinda dick. Just saying.

fuck right off

nah

Whales have 2fa activated and the highest opsec. If u got over 100k in crypto you better have some security

That's why I use Authy, fuck GAuth

So how exactly does 2fa stop a crooked website employee from getting at your cookies? The website shows you a screen that has the code on it. Wouldn't the employee have access to the code? In this particular case, I could see the person only choosing clients without the 2fa to steal from, so there's a reasonable case to be made for an outside party, like a keylogger on the client's device for example.

Reliably secure, unless someone else has access to your device with your google account.

well, what was it? not like you're going to use it again and we might as well laugh at you