I recently bought 100,000 Safex on Bittrex . 2days ago I got an alert on my phone that my account was accessed and I immediately disabled the account . Low and behold after jumping through an absurd amount of hoops to reinstate the account ,change passwords etc.etc. I open the account to nothing but zero’s as far as one can see. Don’t know how this can be allowed but the insulting part is the amount of bull@#$! that I had to go through to get back into my account yet in snap of your fingers it is emptied. I’m absolutely disgusted with Bittrex and have lost all faith in them as a professional exchange. Just a heads up for all of you who happen to work hard for your money , that you can get robbed even when you do every thing right. I hope this helps at least one of you folks.
I’m sorry for your loss. Were SAFEX transfered out of your Bittrex account?
They where sold first. Then transferred out as bitcoin. It’s quite painful.
So the hacker got past 2FA? Do you use only your phone to trade?
I Never use the phone. financially at least. Apparently i don’t know how but 2fa was engaged to keep myself from getting in my own account. Bittrex is supposedly reviewing the details, so, i won’t completely badmouth them just yet. Support seems to drag there feet then stuff like this slips through the cracks. I’ll keep my fingers crossed.and hope for something positive. At least i still have my shares in my Safex wallet.
Do you use home WIFI on your phone? Is the phone 24/7 constantly connected with the internet?
Sorry for asking too many questions, doing that to help you get to a conclusion of why and how it probably happened.
This is a hard lesson in holding coins on the exchange. I’m really sorry that this happened to you because it sucks to lose a member of the team. Your insights and contributions to the community in intellectual form that would be backed up by your stake have been jeopardized.
Please take good measure to protect your coins.
Yes, school of hard knocks - after Mt. Gox (feels like in the 90’) i never ever trusted an exchange more than 30Mins.
Buy a nano ledger for the main coins and for the few coins that are not supported yet, download LAST PASS - it is a browser extension / software and encrypts everything stored in there with your own private key (password) even attachments are possible - so upload the wallet.dat there and you should be fine - and easy to recover over PC or Phone.
Sorry for the loss!
Did you have 2FA on your bittrey account ?
BTW i find the headline distracting.
It sounds like you can steal SAFEX coins from its current wallet.
It is more about “Do’s and Don’ts with exchanges - how avoid getting robbed”.
do we have a 2FA for Safex wallet?
Sorry but that just doesn’t sound right… Please explain if you had 2factor authentication on your bittrex account or not? As this would make it close to impossible to hack your account. Unless you logged into one of the many fake bittrex accounts. Then it would log you into your real account on the hackers side. But, even then bittrex would not allow a log in from an unknown. So it would tell the one logging in to verify thru email of the new ip address. So let’s say even if you did have the same password for bittrex as you do with the email account associated with it. You would still be required to follow the link and log into your bittrex account using a newly generated 2fa code. So please clarify that you did not have 2fa enabled as the events would not have been able to play out as described if you did. As unfortunate as it is this has nothing to do with the security of the Safex wallet as your title would imply. This has to do with reminding others of the personal responsibilty in managing the welfare of your investments.
You do have to work hard for it. But, you have to work ten times harder to keep it.
I believe ChileWilli because the same story happened to me this afternoon!!!
I had 0.15 BTC and arround 52k of safex coins… And left my computer for about 3h, tried to access BitTrex from my phone few hours later and found out that my email was breached in the meantime together with my bittrex account.
I blocked the account, wrote to their support but no answer yet (this happened 2h ago). However when I got home my mac was still logged in there and I could see that my balance was 0. Although I changed password few times in the meantime, and also email blah blah… Very poor security level
I saw transaction history and have IP address (185.104.217.71) that leads to VPS company called Servebyte.
Transaction address:
Address: 13hzdtGghWBoKwgH4ZwjoFAiP4Zb4y4R4Z
TxId: 2e40f68083b6b43a476240c67015f98c2aaf83c0752738709704c1a05794b645
Funny thing is that today morning I registered and created my bittrax account to start tradding so I lasted for 5-6 hours totally with a loss of somewhere about $1200 USD
@Aleks sorry that this happened to you. You likely had your email hacked from long ago already. As a result hackers triggered your email as soon as they saw an opportunity to make an easy profit
The ideal solution is withdrawing from bittrex promptly after acquiring…
Thanks @dandabek but I doubt that my email was hacked long ago as I didn’t have any unrecognized devices before this… And also I update my password very often, like on a weekly basis, sometimes even more often.
I also got notification from gmail when the breach happened with info about the device but too late.
It was Windows/Chrome, Ireland/Dublin with IP I posted above… Coming from VPS
Sounds really bad …
Here is a reddit link.
Did you see those API Calls as well?
There is an explanation in there as well, how you can check if your PC is hijacked or not …
Yeah, those phishing sites are no joke.
So, if you have your IP whitelisted would that keep this type of thing from happening?
Did you enable 2FA?
Did you use “bittrax” site, if so then that is a phishing site.
So unless “bittrax” was a typo in your post and you meant to type “bittrex” then this is why you lost.
You must enable 2FA and use it to have decent chance of security.
Not necessary. A phishing site can cause malware to be loaded on your PC or to carefully craft the web page with javascript to log into bittrex using your browser.
But IP whitelisting is certainly going to help.
whitelisting, yes or (my preference) set the bitcoin withdrawal address to your nano ledger in the settings.
That way you can trade within Bitrex, but if money goes outside it will go to your wallet.