/biz/ - Business & Finance

File: 172 KB, 923x1078, IMG_4982.jpg
No.3213931

Just lost $30k in assorted alts on Bittrex.
Had 2fa active. They came in and sold all my alts for btc, then sold that for eth, then used the eth to pump bitshares until the eth was gone.
Left me with $80
No clue how this happened.
Pic related: me looking at my wallets tonight.

>> No.3213937

>he posted his api keys somewhere
I almost feel bad for you.

>> No.3213949

Do you have api keys? Because that's the only way this would have happened other than a phishing attack.

>> No.3213963

I don't have api keys, and to my knowledge I didn't fall for a phishing attack.

>> No.3213970

You got bittrex'd

>> No.3213976

How strong was your PW? I have 20+ random characters.

>> No.3213980

my ass you got hacked with 2fa active. you're just spreading FUD for some stupid reason. kys

>> No.3213982

>Had 2fa active

nice bullshit story

>> No.3213984

Darn strong. And I was using Authenticator.

>> No.3213988

omg just lost 100k!

>> No.3213991

I once read that the best password is three random words

>> No.3213995

I told people not to use buttsex several months ago. There is a whole thread on bitcointalk about people getting their wallets cleaned out, YES, with 2fa ON.

>> No.3213999

I bet they are using trading bots and shit

>> No.3214002

>hodling my OMG and finally managed to stop checking the price every 10 minutes
>read this thread
>log into bittrex for the first time in a few weeks to make sure my OMG is safe
>now checking the price every 10 minutes again

>> No.3214003

>my ass you got hacked with 2fa active. you're just spreading FUD for some stupid reason.
Contemplating it

>> No.3214005

it's all fucking BS. if you are going to make the extraordinary claim that an account with 2fa has been hacked, you need to post proof.

>> No.3214006

Look out for a keylogger.

>> No.3214015


I posted it before, here it is:

Unless you think those accounts are connected with each other to fud against buttsex (which would make you an idiot - look at their history), there are big ongoing issues. OP did you have a legacy account? Those also seem to be hit more often. People in the thread had 2fa ON.

>> No.3214022

Last post: August 17, 2017. first post - April 2016.

>> No.3214023

If you are hodling why don't you have it on MEW instead of a shitty exchange? You won't even take advantage of the airdrop if it's not in a personal wallet.

>> No.3214026

I had what Bittrex calls a "new" account even though it was over a year old. It's the most basic account you can have. And again, I did indeed have 2fa on.

>> No.3214027

That's true I just started doing that and added a 10 digit number after it

>> No.3214049
File: 59 KB, 654x507, 1243412343.png

Just received this email yesterday from bittrex. I stopped using bittrex after they implemented stringent withdrawal limits. Glad I did.

>> No.3214051

Feelsbadman, bittrex won't do shit for you. Try to connect with people in the thread, a theft has occurred and it's a crime not to be downplayed. You guys need to organize and get bittrex to own up to that shit, the platform is not as secure as they say it is, but of course they try to blame it on the users. I'm not gonna lie - holding that much crypto on an exchange wasn't too bright of you either.

>> No.3214061

At this point I trust mercatox and cryptopia more than I trust bittrex. Still would never keep more than a couple hundo on them.

>> No.3214069
File: 91 KB, 740x601, gtpassword_strenh.png


>> No.3214097



It's impossible.

>> No.3214102


You probably logged into "blttrex" instead of bittrex

>> No.3214107

yes you did you fucking moron, you don't just magically get hacked out of nowhere you fucked up and brought this on yourself

>> No.3214113

I knew I was playing with fire, but fuck.

>> No.3214127

I only ever log in from a bookmark on my phone and a bookmark on my laptop.
Both are correct.

>> No.3214134

Holy shit guys I just lost $69k on bittrex sell selll sell

>> No.3214139

>log in from my phone
there it is
use only a pc which is absolutely clean
don't torrent on it
you should be good unless someone you know personally is IT savvy and wants to fuck with you

>> No.3214144

you used 2fa? with goog authenticator and not sms?

something's not right with your story

>> No.3214146

>post is about people without 2fa that got hacked
Lol n1

ITT fudders/retards that fell for phishing

>> No.3214147


>what is a dictionary attack

>> No.3214157

Then how the fuck did it happen? You fucked up somewhere, you are the weakest link, don't delude yourself

>> No.3214160
File: 9 KB, 466x249, WTF.png


>> No.3214168

I've read 20 random posts, all suckers with no 2fa on and thousands on their accts. Not gonna sift. Post proofs or stop larping.

>> No.3214170

>you used 2fa? with goog authenticator and not sms?


>> No.3214175

obviously not telling the whole story. What stupid thing did you do, OP? It's ok we won't judge.

>> No.3214181

do you watch porn or visit any weird sites on your phone?

>> No.3214186

It's always the same story and it's always bittrex. Either some exchange has a weird viral campaign or this shit is actually happening.

>> No.3214187

have you rooted your phone, OP?

>> No.3214191

What's this 2fa?

>> No.3214192

4ch and 8ch are as weird as I get.

>> No.3214201

it's faggots wanting to take down the best exchange with rumors and whatnot. this is also a good way to make morons panic sell to get off bittrex.

>> No.3214204

two factor authentication, you enter random numbers that respawn on your phone every few seconds


>> No.3214209
File: 25 KB, 325x325, IMG_4984.jpg


>> No.3214212

Do you use Microshit Windblows?
That's why.

>> No.3214214

I don't get the motivation unless it's an exchange or the same guy just does it occasionally for lulz.

>> No.3214225

All Mac applefaggotry here

>> No.3214226

Post a screenshot of the trade history

>> No.3214231

authy being able to sync across devices seems incredibly bad from a security perspective, i'll stick with google authenticator on a phone which i never connect to the internet and only charge via a wall outlet, thanks

>> No.3214233

agreed. start posting proof, OP

>> No.3214237

but then... you better back up every captcha code because if you lose your phone you lose a 100k account

>> No.3214240

anyone that gets their shit stolen from bittrex is a literal mouth breathing monkey

there is an ip whitelist option where it makes it IMPOSSIBLE for anyone aside from the whitelisted ips to make any orders or withdraw money

>> No.3214243

>writing down the private key to your 2fa is so hard

>> No.3214251

alright, you win

just trying to help noobs

>> No.3214252

you are a fucking moron if you don't take the time to securely back up those phrases and put significant amounts of cash into such accounts

>> No.3214253

I took a picture of the api key and uploaded it to gmail, is it safe or should I write it down and delete it?

>> No.3214262

You could make your password "10" and you wouldn't get hacked with 2fa on. Fuck off.

>> No.3214264
File: 114 KB, 699x907, IMG_4986.jpg

Me getting cleaned

>> No.3214268

Sometimes the right time to buy and sell happens when you're wagecucking.

>> No.3214269

fucking hell m8, why would you do that? you should always store that which you can store offline, (ie on a piece of paper) offline. No wonder so many people lose so much fucking money on this website not taking security seriously.

jesus fucking christ

>> No.3214273

pretty good buys on bitshares. how do we know you're not just stocking up for the next big moon mission?

>> No.3214280

you fucked up already btw this way, detach your authenticator and attach a new one with a new key and write that key down and don't store it fucking online, moron

>> No.3214286

What do you think is more likely. Google getting hacked and a hacker finding your shit amidst a fuckload of other shit, or your dumbass forgetting/losing the keys?

>> No.3214289

if you aren't able to secure your own stuff you shouldn't be in crypto in the first place, it's literally what crypto is designed for

>> No.3214296

so assuming you can secure your own stuff offline it is infinitely better than storing it online on any kind of service

>> No.3214300

Why didn't they just take the money?

>> No.3214304

they did, by filling their own buy orders obv

>> No.3214306

No, because your hard drive is far more likely to fail than a hacker accessing your gmail account.

>> No.3214319

offline being a piece of paper or anything air gapped from a pc obv or a cryptosteel or something

>> No.3214320

Why not store your keys in a dedicated USB stick with keepass?

>> No.3214328

Easily lost, forgotten about, wife/mom/sibling throws it away by mistake etc..

>> No.3214333


if they can hack your 2fa can't they just change that setting too?

>> No.3214334

There's something you're not telling us OP. It's impossible to hack an account with 2FA even if you know the password. Do you live with other people? Could it have been your roommate or something like that?

>> No.3214340

>he doesn't have a dedicated fireproof safe for his crypto stuff

>> No.3214341
File: 10 KB, 165x183, 39479133719239939.png

>store 2fa keys online
could be hacked
>store 2fa keys on hard drive
hard drive fails
>write 2fa keys on paper
paper is destroyed, house fire, etc
>store 2fa keys on engraved metal
metalworker knows your keys, keys change, etc
>memorize keys
forget keys, kys autist

any other options?

>> No.3214344

as i said, assuming you can securely store it

but go ahead store all of your shit online

>> No.3214348

taint tattoo

>> No.3214358

Oh, I forgot
not enough room to store all my 2fa keys
splendid, now the escorts get my keys

>> No.3214372

Engrave the metal yourself, dummy.

>> No.3214382

well then, sell all of it and never look back

>> No.3214383

Dubious. Why did you keep your coins on the exchange?!

>> No.3214390

all these dummies storing their crypto on exchanges

>> No.3214397

>splendid, now the escorts get my keys
If they ask just tell them you were in a concentration camp. Escorts are stupid.

>> No.3214398
File: 56 KB, 960x928, 1503612285700.jpg

no metal engraving equipment

>> No.3214409

>salt water

>> No.3214412

So the only way they could have got on is if they traced this phone to his account and hacked his phone. I would say OP was probably visiting a RedTube. $30,000 is definitely worth their time.

>> No.3214438

>he didn't make enough gains to afford a metal workshop

>> No.3214439

Did you contact support? They can't drain your coin that badly by just buying bit shares. You are full of it

>> No.3214449
File: 33 KB, 137x163, 64743379059005.png

first halfway decent idea
would it be more believable if I took a sharp stick and scratched my key into my armpit?

>> No.3214453

Your fault

This. Or a set of punches even, if you want a dog tag

>> No.3214454

Bit shares price hasn't changed much. In order to drain your account that way it should have gone to 1000% or so and then come down. That didn't happen

>> No.3214460

Heals over time m8

>> No.3214461

How is it impossible? Don't post if you have no idea.

>> No.3214471

If you had the most basic account, you can't even properly withdraw bitcoin...

>> No.3214480

I have my keys stored in a debian VM that I've backed up to two different encrypted external hard drives, and on google drive with 2fa on.

>> No.3214485


OP are you really that much of a faggot that you would sit here and play 20 questions with /biz/ after losing a bunch of money? no one does that.

>Contemplating it
no actually do it. please kill yourself.

>> No.3214607
File: 60 KB, 499x499, 1442164348784.gif

You must have logged into a non official bittrex site OR used a false third party app.


1. Use adblock and favourite the official bittrex site
2. Ensure https protocol and check that ssl signature is bittrex
3. Use 2FA
4. NEVER EVER EVER use 3rd party apps

>> No.3214615

honestly even if you have a virus but use an antikey logger you should be fine. Antilogger free is good

>> No.3214684

- Topics about Bittrex "hacks" have been happening regularly for over a year, on various places. On /biz/ alone we get these topics on a monthly basis.
- Accounts targeted have a few thousands to low dozens. They are always cleared out with the hacker buying another alt.
- Accounts targeted tend to lack 2FA, but there are a few reports of accounts with 2FA being hacked.

It's overwhelmingly likely a Bittrex insider embezzles just enough money from random accounts to not trigger a widespread pitchfork campaign against Bittrex. The idea of a FUD campaign or a stupid OP is tempting to those of us with coins on the platform (we want to believe we're making rational choices in staying there), but the length of time this has been happening for as well as the variety of victims makes this unlikely.

>> No.3214709

It's not that unlikely either. In other industries this happens as well.
People have been complaining about GoDaddy domains being transferred to China for example. Which would only be possible with an insider.

If something is worth money you will have attackers.

>> No.3214731 [DELETED] 

>non-FDIC insured exchange
It's like you wanted to get Gox'd

The 2FA on Trex is broken. It leaks auth codes. Expect more.

>> No.3214792

I come from a network security background and can tell you right now 2FA is a meme and will increase your chances of getting hacked due to several factors. Just use a strong randomly generated password (I use 32 characters which will never get bypassed even without captcha unless whole database gets hacked somehow). Just store it in a word/text file with a backup or trustworthy password manager.

>> No.3214796

Did you use public wifi?

>> No.3214801

how does it increase your chances of getting hacked if you are using an auth app?

>> No.3214806

You need some ETH?
Post address, anon :)

>> No.3214808

Cryptopia is also scammy yobit tier website. But you probably know that. Remember though their admins are Muslims who behave like 15 year olds so if you ever run in a problem you're on your own

>> No.3214822

Outside America there is a thing called dynamic ip

>> No.3214825

The main issue would be if an online TOTP auth (e.g. Google Authenticator)'s account were compromised. This is why you should use offline apps like FreeOTP & a password manager like Keepass 2.

The other stuff is him talking out his ass because apparently full database leaks never happen on shitty PHP infrastructures? Idk, he's stupid and full of shit, especially since he's telling people to store things plaintext when the next major attack vector is malware scanning the disk / clipboard for wallets & credentials

>> No.3214828

Those are some good trades man

>> No.3214884

Could also be rival exchanges paying shills to say shit about bittrex

>> No.3214896

If you're going to do that, might as well have a Linux distro on USB and boot from that. No chance of being hacked

>> No.3215078

Daily reminder that everyone who makes these threads is either a polo shill or a retard who fell for phishing scams.

Sage & report. Bittrex is the best exchange out there and has always been.

>> No.3215093

Exchanges always get hacked
People using exchanges always get hacked

airgapped pc cold wallet only way to trade. never let an exchange hold your coins

>> No.3215158
File: 115 KB, 727x639, 1483891679156.jpg

>storing $30k on a chinese child labour factory
Kek you had it coming

>> No.3215248


Nice! Just bought 100K

>> No.3215277

Dude literally same exact thing happened to me last month, lost 4 btc. Had 2fa enabled and never once used API or activated it.

Felt fuckin bad man.

>> No.3215305

>I really got hacked
>believe me
>what, post the order history? no! you'll use that to hack me!

>> No.3215318

They pick some "lucky losers" from time to time when Bittrex owners wife needs a new mink coat. This time you were the unlucky one.

>> No.3215323

How do i get my keys for 2fa on buttrex

>> No.3215338

Same happened on kraken. They sold 750 eth to zcash and transferred it away. This happened 1 year ago

>> No.3215367

Zip all keys with a strong password backup in 3 usb drives put in 3 different places

>> No.3215416

Mein gott a lot of clueless RETARDS here calling others stupid. I suppose it's too much to ask of people TO KNOW WHAT THEY ARE TALKING ABOUT and ACT NICE but hurrdurr LET'S BE IDIOTS & IGNORAMUSES and call others idiots out of our own ignorance because that's the 4chan way, r-right guise? <- newfags. Polo has even had a specific 2fa exploit that only works if the user uses 2fa, so you're actually less secure with 2fa... Bittrex has had these things happening for aeons.

>> No.3215523

Go to walmart and use one of those automated pet tag kiosks

>> No.3216108
File: 1.10 MB, 500x281, 1503190105977.gif

dictionary bruteforce?

>> No.3216264

Yes, that's exactly why you don't use dictionary words. Retards just look at the difficulty in terms of the number of bits, but in reality you just reduced it to a combination of 4 words from ~3000 common english words which is trivial to crack. Capitalization and obvious substitutions don't add much to the difficulty, either.

And of course you get more idiots saying "you're not going to pound a server with billions of password attempts", who don't realize that these attacks involve first gaining unauthorized access to the server, cloning the database, then brute forcing the encrypted accounts locally where you have all the time in the world. Most ITfags are too incompetent to even realize their server was ever compromised.

>> No.3216268
File: 58 KB, 556x493, oh daddy don't! not in public!.jpg


Unless you have 300K in cryptocurrency, there shouldn't be a reason for you to keep 30K on an exchange, also buy a netbook they are cheap as fuck, install ubuntu & keepassx (generate 24 char password for each exchange, sms verification for the gmail that you use on exchanges) and do your trades there.

Use electrum and offline myetherwallet.com on ubuntu for cold storage.

Easy 10/10 security.

>> No.3216298

Probably got into a phishing site, and you are unaware of what you did. Bittrex recently sent an email announcement about the rise of phishing sites masking the official Bittrex site.

>> No.3216754

nice just lost 100k

>> No.3216847

This has me scared :/

>> No.3216888

Why are you posting boring stale memes

Why are you laughing at them

>> No.3216968

get fucked

>> No.3217608

If this did actually happen, why haven't you looked at your login history under your account?

>> No.3217630

what did you download recently?
post your btrx history, I don't believe you if you didn't download/go to shifty sites recently

>> No.3217888

I find it really hard to believe that a combination of four random words as password is easy to crack, even if they are common english words, and the cracker has all the time in the world. Unless of course his bruteforce program is designed with those type of passwords in mind...

>> No.3217928

Refer to
Most of the time you clone a copy of the DB, hash your own password to figure out the type of hashing algo, then use a cluster to do parallelized brute force with rainbow tables.

>t. White hat


>> No.3218031

I use KeePass to generate random 20 char passwords.

I'm safe right?

>> No.3218077

just changed my password to 50 random characters

>> No.3218130

I only know the very basics of programming, but I think I understand now. A key element to password cracking is reverse cryptography, I never knew.

>> No.3218235

Are you black?

>> No.3218325

>I come from a network security background
>Just store it in a word/text file
something tells me you got fired

>> No.3218951

retards think there is any other way of measuring security than the number of bits of entropy. 4 words have 44 bits of ENTROPY (which is not enough btw), it doesn't matter if you have the exact set of words used, in fact that's the best possible scenario.
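The figures argued over in posts No.3216264 and No.3218951, worked through as an added example that is not part of the thread. It assumes every word or character is picked uniformly at random and that the attacker knows the scheme and the word list; the two offline guess rates are assumed round numbers, not measurements.

```python
import math

# Assumed offline guess rates against a stolen credential database.
FAST_HASH_RATE = 1e10   # guesses/second, fast unsalted hash on GPU hardware
SLOW_KDF_RATE = 1e4     # guesses/second, deliberately slow password KDF


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `pool_size` options."""
    return picks * math.log2(pool_size)


def picks_needed(pool_size: int, target_bits: float) -> int:
    """Smallest number of draws from the pool that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


def avg_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the secret: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for name, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"


# (label, pool size, number of picks); pool sizes are the ones named in the
# thread, plus 94 printable ASCII characters for the random-character posts.
SCHEMES = [
    ("4 words from a 3000-word list", 3000, 4),
    ("4 words from a 2048-word list", 2048, 4),
    ("20 random printable characters", 94, 20),
    ("32 random printable characters", 94, 32),
]


def compare():
    """Return (label, bits, time vs fast hash, time vs slow KDF) per scheme."""
    rows = []
    for label, pool, picks in SCHEMES:
        bits = entropy_bits(pool, picks)
        rows.append((label, round(bits, 1),
                     humanize(avg_crack_seconds(bits, FAST_HASH_RATE)),
                     humanize(avg_crack_seconds(bits, SLOW_KDF_RATE))))
    return rows


if __name__ == "__main__":
    for label, bits, fast, slow in compare():
        print(f"{label:32} {bits:6} bits  fast: {fast:>16}  slow: {slow:>16}")
    print("words needed from a 3000-word list for 80 bits:",
          picks_needed(3000, 80))
```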

>> No.3219045

>I come from a network security background
>Just store it in a word/text file