Every crypto trader's nightmare

no, you have API and secret key, probably he showed both without knowing.
Also you give permissions to those API Keys and you can see he uses those on at least one service, like Coinigy.

Ok i know but my point is that if some new service wants authorization, it should require 2FA at least once before it can start. Secret key or not, I dont get what's secret about it if it's displayed in the GUI. That's like storing a plaintext password then and displaying it back to the user, just dumb from bittrex.

Poor guy
something tells me this was stage and now he will ask for money

sounds like he scammed his friend and wanted to make it seem like theft

how would one break into an account with a "very strong password" and 2FA

This guy scammed his partner out of the money and is blaming it on 1337 h4x0rs. Jesus people are dumb

only 2 options here

>his partner is ripping him of
or
>this guy is ripping off his partner and trying to look innocent

but the whole point is that it displays the first time when you create it and you load it up on the service/whatever you want to give access to and it never displays again. From there on you only see the API Key value and permits that you can edit.
Let's say something happen and you want to keep using the same API Key and load it again, you can't you need to redo the whole process, unless you are an idiot and keep a txt file with API and Secret keys stored somewhere (which also could be a possible explanation).
The whole point of the API/Secret is to use it the second you create it don't store it anywhere except where you are using it and also using different API keys for different crap. I am annoyed that you can't name the API keys to keep easy track on your settings of who is doing what.

>steemit.com/bitcoin/@cryptoiskey/bittrex-update-probably-my-fault#@izbing/re-cryptoiskey-bittrex-update-probably-my-fault-20170623t083631458z
so, apparently bittrex investigated and it had to do something with sharing api keys

as I said before, he probably stored those on a txt file and reuse the same key on different places. That's a huge fucking mistake on his behalf. Beats the purpose of being able to create 20 different ones and having the option to just kill the one that's compromised or give read only permits to the ones you don't need to use to trade.

ah ok, I dont know exactly how this type of stuff is handled nowadays. I mean there are many ways of doing it. With stuff this sensitive when money is involved, I'd say it would still be a good idea to switch it over to a system where the secret key can never be used again after it was used once / can only be used from a certain IP, etc. Many ways to make it more secure.

post the full image you mother fucker

IIRC that's pretty much how it works on Bittrex if you set it up properly.
But again, there are people dumb enough to show this on a video on youtube, to copy paste that on a txt file they would leave on their desktop computer that they also use to watch russian granny porn with donkeys or worse, send it to a phone using stupid crap like push bullet, leaving a trail with this info everywhere.

Dumb fuck put API keys and secrets on YouTube because money wasn't enough, he wanted attention.

This video is old news. It was his boyfriend or he didn't have 2FA enabled.