Bittrex sign-up not working
4 stars based on
Yesterday, Friday August 12th, an unauthorized person s entered my Bittrex account, cancelled my Open sell orders of 3. The whole process took the attackers roughly 15 minutes, it well executed and I want to warn others to stop the possibility of it happening to them. It's a bitter pill for me to swallow as by day I am a network engineer, Cisco certified, I've studied for CEH and have been using network devices to stop what happened to me happening to users of our corporate WAN for the past 10 years.
I've lost some pride and quite frankly I am a bit embarrassed that this has happened but the experience needs to be shared for the greater good against the evil. So what happened, excuses aside I am going to detail the process from start to finish, then look at what I did wrong because I missed some warning signs and then I will look at other aspects out of my control that were beneficial to the hackers. I was presented then with what I now know to be a fake bittrex.
I proceeded to login. I was then shown a browser security check screen below which was not up for long 1 - 2 minutes max and then asked for my 2FA code at which point I was presented with the browser security screen check again. Then everything then clicked in my brain and I knew I was being robbed, the hackers were obviously in the account at the same time as I was and were looking to now move the BTC, so I went to the support section to see if was possible to make contact with Bittrex, nothing was strikingly obvious but I somehow managed to disable my account, see Bittrex Logs below.
However, despite the fact I thought I had disabled the account, it told me it was disabled and it showed disbaled in the logs the funds still left my account and hit the Blockchain 3 minutes later https: I emailed Bittrex as advised in the security email but got a reply saying log it through the 'Submit a Request' form. I logged a ticket with Bittrex through the contact form yesterday at For something quite important like an account being compromised it seems I was going in circles, perhaps I should have familiarized myself with the process for this exact type of situation.
I used a search engine instead of accessing the Bittrex directly. I never usually do this, I switched from Chromium to PaleMoon that morning as I was seeing some lag, the PaleMoon default page was set to use Duckduckgo.
I didn't thoroughly check the cert although I did take a quick look at itI'll discuss and examine the cert in more detail later. The disable account setting does not appear to do anything in Bittrex. Funds still left my account and I was able to access it multiple times after despite the fact it was meant to be 'locked' for 24 hours from me hitting the button. Although you can IP white list on Bittrex not useful for me as my ISP IP is dynamic the fact that for the first time persons entered my account from IP's in Poland did not flag any warning signs to the system.
I did not receive an withdrawal email notification to my email address. Turning one layer of protection on should not by default turn another layer off. I would have been able to stop the transaction if I were still getting email notifications. Multiple levels of security is much better in any situation, the trade off is convenience which doesn't compare to losing a shed load of money. There is not quick support on hand from Bittrex, you need to go through a maze of questions to fill out a form by which time your account would probably already be empty.
A kill switch that works would be nice. So looking at the cert in more detail I was initially puzzled because when I checked the cert during my fake sign in I got this message when I clicked on the cert info:. However using IE I was able to look at the subject alternative name and see the cert was dodgy by the other sites listed in there, below left is the fake site and below right the real one. What puzzles me is how the cert was issued by a Trusted CA such as Comodo. I'll get in touch with Comodo to see what happened here unless someone can enlighten me?
Thanks for reading and if you use or know anyone who uses Bittrex please share, I would hate someone else to go through what I did. As you know, going anywhere important should always be done directly via address bar. You simply made a common error of most victims on the internet, clicking a link on a web page. Not a fan of duck search engine so I can't share any info. Consider it as hard lesson learned.
And regarding your funds, good luck to recover it but I doubt it. I backed out of something recently after thinking twice. Thanks for reminding me of that point. Wait a second, even if the attacker got into your bittrex, shouldn't he had to hack your email adress too, for withdrawing your funds? In that case I suggest you to change your email password or change directly email provider, for better security.
It appears email withdrawal notifications were turned off automatically when I switched to 2FA? That's why I said they should not be turning off a layer of protection in favor of another layer, multiple layers of protection is far better.
To be clear my email account was not hacked, I could have stopped this is the notifications were on. Thinking about it the attackers could have disabled this feature when they gained access to my Bittrex account. I gotta admit they have been smart, in this case, yeah I saw a couple of "better" attempt at phishing, using ascii letters for replacing the "i" with something really similar, but I would have never clicked on an ad, it's even if it comes from ducky.
How do people steal for a living and think it's okay? Really puzzled by people's justifications for theft and dishonesty. I am so sorry for what happened but thank you for this post. Very good information in the post and comments. I will always be typing straight into the address bar from now on. Getting crypto stolen sucks big time.
At least you didn't willingly give it away like I did one time years ago I had recently enabled 2FA, I am not sure if this turned off email notifications on withdrawals automatically or the attackers turned off this setting when they got into my account. When I checked it was off though, I certainlu used to get them. My email was not hacked. Thanks for the heads up. My Upvote is not much, but it is a shiny nickel! Don't spend it all in one place.
Keep On Steemin On!! Thanks for warning us, and giving us such detailed information of how to avoid this I now have to be more careful when using new browser and uncommon search engine I am new to all this and still find myself reading all these types of posts even without an account, yet.
I read one recently where someone else was showing a bogus site and showed the slight differences. We are clearly swimming with sharks and as a minnow that is scary. BTW your thumbnail photo did not show up on my feed I recently read this causes it not to show up. While it's a tough pill to swallow, really appreciate the detailed info. Hopefully this can stop future attacks to anyone else.
I myself greatly appreciate the info being new to all this. Wow, I appreciate that you took the time to explain it to us all. If it prevents one of us from going through the same ordeal, it was well worth it. Yes but the fake site requested the 2fa code, to be honest it was a pretty well constructed attack.
Like I say it was all done in less than 15 minutes, I acted pretty quickly but they still got the funds out. About the Comodo and certificate Someone registered SSL certificate for a domain named bLttrex. It's our brains that are "reading" a letter L as a letter I. It's a common phishing tactics. Use your bookmarks to get to the crypto exchanges is easy and quite effective way to eliminate false addresses. Thank you very much for the info.
Probably not easy to throw out there considering your your level of expertise and line of work. Very glad you did though, a lot of us here at Steemit are relatively new to cryptos and the minefield of tricks and scams that surround it. Posts like these add much needed wisdom to the platform and might just save others from making the same error.
People should stop being naive and start treating their accounts with more respect and maximum security. Quite frankly, I have no pity when people fall for scammers. Thanks for the heads up.
Sorry you lost money. I use Bittrex too so will be sure not to click ads. They are so good at faking sometimes. You have completed some achievement on Steemit and have been rewarded with new badge s:. Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here. If you no longer want to receive notifications, reply to this comment with the word STOP. By upvoting this notification, you can help all Steemit users. This was a well thought out attack and i'm sure they must have gotten a lot more unsuspecting and less sophisticated folks. The whole problem as you clicked not a search result, but an add. The name is almost the same, but they use "l" instead of a "i" in the URL.
Really hard to distinguish, I stared long time on the image I have one question: Good Morning, I've been robbed. The top result was an 'AD' I shouldn't have clicked on this but I didn't notice it.