Old daemon and wallet version 0.17.0.1
Careful of Fake Bittrex website
knightfang last edited by | Tip knightfang
By: davidp53 in bittrex
The post I resteemed is a big deal! I have heard from many people that have been taken by this scam.
Basically most people I have talked to are searching for bittrex on a browser on their phone. The fake site has one letter off and looks pretty authentic. It pretends you have login problems at first, and then requests your 2nd device authentication code. As soon as you put that in they go to work selling all your crypto. I have heard it is taking them about 5 minutes to exit with 100% of your daily limit.
Bittrex account with two factor on hacked of 130.000 USD with Bing ad
I am writing to you in search of advice and to make everyone aware of this danger. My friend`s bittrex account has been hacked yesterday and his whole balance (130k usd/32btc ) has been withdrawn to an eth address. He held an amount of 2330 NEO and 354 OMG which was sold into btc and then bought 439 eth which was withdrawn to this eth address: 0x29e7049f72b99b9f914f59abcea7b348e2484795 . Everything happened in 1 minute and 9 seconds.
This is how it happened: He tried to login through a different browser than he usually uses, he used Internet Explorer which had as a home page the search engine bing, wrote bittrex and clicked on the first page that was displayed. He put the user and pass in and then the window with “security check, checking your browser before accessing bittrex” stayed on a little bit longer than usual, but eventually the window asking for the two factor authentification appeared, he introduced it and after waiting a few more seconds he got the message that the code has expired so he had to reenter another one but still didn`t log him in. He then used Google Chrome and logged in right away only to see that his holdings were sold into btc, bought eth and that was withdrawn.
So it seems that the first address was a clone with paid add on bing so it baffles me how Bing/Microsoft can allow this. We placed a request to have bittrex’s support and take action against that page but didn’t get an answer so far and contacted bing as well but as i am writing the page is still up there above the original bittrex page. I got screenshots with the account history and the scam page which i can provide. Please be aware of this and advise in terms of legal solutions.
A typical man in the middle attack.
I always check, that the site I enter passwords is using https and that the certificate is valid.
This will help against this type of attack.
Wow, @knightfang , sorry to hear about your friend, thanks for the post.