You are viewing a single comment's thread from:

RE: $20,000 (7BTC) Stolen from Bittrex (captured live on video) Huge lesson learned

in #bitcoin7 years ago (edited)

Thats what i cant understand..and whats even stranger is how 2 of the amounts they withdraw were exactly the same 2.1990000 ...you can see here http://prntscr.com/fn3ugf it almost seemed like it was a bot doing it.

Sort:  

It probably was a bot. You have heard of ransomware - they operate by encrypting your profile and then demanding you pay bitcoins to clear it - these are malware infections, and you probably just suffered such a robbery... Bank robbers don't need guns anymore...

I run windows, but I am something of an IT expert, and I just basically don't run anything or visit sites that would have malware payloads. This is the real reason why you should be running adblockers, because, unfortunately, and a big fuck you to the advertising user-as-product business model who claim that there isn't a way to monetise digital content and services without advertising cough cough... Most such malwares arrive either in some crappy pirate software, or, more commonly now, injected into your web browser. It doesn't even have to escape the browser box to pull this off, though it has to hijack the pipe that connects each web page to the controlling application.

After such a horrible loss, I would suggest that you up your security and segregate either a computer, or an operating system, that is not used for general tasks or whatnot, just for money, and lock it down tight, strong password, and don't install anything more than the browser and cryptocoin wallets you need.

I am in the hole at the moment with poloniex to the tune of 1233 steem... I am kicking myself for using poloniex again, it's almost never been smooth or pleasant working with that site, and if I had just waited another 5 minutes for blocktrades.us to come back online, (and it did, directly afterwards), a little tiny bit more patience, I would not be in this situation...

I still want to go visit poloniex's offices and personally slap everyone who works there, and for good measure, I want the CEO's luxury car for my trouble.

Fucking criminals >_<

Excellent instruction, thanks! But:

After such a horrible loss, I would suggest that you up your security and segregate either a computer, or an operating system, that is not used for general tasks or whatnot, just for money, and lock it down tight, strong password, and don't install anything more than the browser and cryptocoin wallets you need.

But what if bittrex himself is infected??

And I think this 7BTC was stolen by bittrex, Not by malware bot.

The thing is, you need to have a lot more than adblockers, antiviruses and so on in order to beat the hackers... First of all common sense, which is hard to achieve. Secondly you need to know the way things can go wrong / malware can reach your computer or how phishing is able to mislead you. This knowledge is even harder to achieve... Funny things is, I'm an IT expert as well and Data Security specialist and even I have been hacked by a phishing website, which was a perfect https enabled secure certificate fake Ether Delta copy. So yes even the best most secure guys out there can be hacked in a matter of seconds when they make one tiny mistake.
I can guide you in a good direction by advising you to block http websites, check certificates, block plugins or other web services from running outside their virtual sandbox, disable flash player (for sure), keep your browser up to date... As you can see these ar all things you can change by simply setting up your browser correclty :)

mostly agree

What does Bittrex say? To get 2FA verified they would need to be on your phone

I havent heard back from them yet. I was using my Ipad mini.

Bots at work.....

Edit now i hear from hilarski that this video is actually fake.

Well he jumped the gun on that..he should have got his facts straight before he went around telling people that false information. He said that because apparently he checked with Bittrex and they didnt know anything at the time. But i had already sent the first email and they requested more info, i just hadnt had the time to actually submit the ticket at that stage because i was homeschooling my son. But if you check my latest post you can clearly see Bittrex has given me the info and it looks like it may have been my fault they were able to get my API keys.

can't you see your APIs in the previous video?

Yes but i was positive i deleted those ones before i uploaded that video to youtube. I had many sets in there because i thought you needed a different set for different applications. So the only thing i can think of is i somehow got the ones i used in the Coingy video mixed up with other ones and deleted the wrong ones. That is the only thing i can think of.