$100 000 USD

AUGUST 2017

LIECHTENSTEIN

BITTREX

DESCRIPTION OF EVENTS

"Bittrex was founded in 2014 by three cybersecurity engineers. Our goal is to operate a world-class crypto exchange with a focus on trust. With lightning-fast trades, dependable digital wallets and industry-leading security, we've created an exchange our customers can count on." "Bittrex Global is one of the most secure trading platforms in the world. Built on Bittrex’s cutting-edge technology, we provide an institutional grade experience for professional and novice customers alike." "When choosing an exchange, trust matters. That’s why security has been and will always be our top consideration. Our platform was built from the ground up with multiple layers of protection, deploying the most effective and reliable technologies to keep funds and transactions secure."

 

"Bittrex Global is based in Liechtenstein and Bermuda, placing us in world class financial systems governed by revolutionary legislation. We operate under the framework of the Digital Asset Business Act (DABA) in Bermuda, and within the Transactions Systems Based on Trustworthy Technologies Act (the “Blockchain Act”) in Liechtenstein. Bittrex Global (Liechtenstein) is required to comply with the KYC/AML/CFT standards under the Due Diligence Act and is supervised by the Financial Market Authority (FMA). Bittrex Global (Bermuda) Limited is fully licensed to conduct Digital Asset Business by the Bermuda Monetary Authority (BMA) and is registered in Bermuda under No. 55591."

 

"So today I went on www.bittrex.com to create an account and deposited roughly 26 BTC and traded them for other coins. Of course before doing this I did the basic verification, phone verification and enhanced verification and the 2FA authentication. I tested everything out and everything seemed fine... Then I logged out at 18:54:27. 2 hours later I come home and try to log in and it says that Bittrex is checking for my browser and that this might take up to 5 minutes. Few minutes later it goes through and asks me for my 2FA which I provide. Again it takes a long time and ends up failing. So I wait a bit and do the whole process again and when I finally log in I notice that everything's gone... All my coins were sold for btc and gone. So I check the history and this is what I see... NEW IP LOGIN UNKNOWN_IP_WITHDRAWAL_APIV1_SUCCESS NEW_IP WITHDRAWAL_APIV1_SUCCESS and then a few mins later I log in... so what happened?"

 

"Most likely you logged onto a spoofed phishing site, and it sent api calls to the real site to get valid account balance info/etc so it would look normal to you. As soon as you logged off, it sold your shit and sent it to that great wallet in the sky." "The momentary delay during your initial login was them creating the API keys that would later be used to transfer their loot out of the system."

 


A Bittrex user reported having $100k in funds withdrawn from their Bittrex account during a suspiciously lengthy login session. This most likely happened because they visited the wrong website URL, or because malware on their computer redirected their traffic to the wrong website.

HOW COULD THIS HAVE BEEN PREVENTED?

Always be sure to access websites using their official URLs. If a login requires extra steps of 2FA codes, be extremely suspicious.

 

Platforms should provide additional protection against access or withdrawal from a new IP address, or withdrawal to a wallet address not previously used. The 2FA system should, if possible, be clearer about what is being authorized.
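One way a platform could implement the control described above, shown as an added example that is not code from the original page or from Bittrex: a withdrawal from an IP or to an address not seen before is held until the user returns a confirmation code derived from the exact withdrawal details they were shown. All names, the HMAC-based code scheme, the per-user secret and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class Account:
    secret: bytes                                       # per-user key shared with the user's authenticator (assumption)
    known_ips: set = field(default_factory=set)         # IPs the user has already confirmed
    known_addresses: set = field(default_factory=set)   # destinations the user has already confirmed

@dataclass(frozen=True)
class Withdrawal:
    request_id: str   # unique per request, so a code cannot be reused for a later one
    source_ip: str
    asset: str
    amount: str
    address: str

def risk_reasons(acct, w):
    """Return why this withdrawal needs step-up confirmation (empty list = none)."""
    reasons = []
    if w.source_ip not in acct.known_ips:
        reasons.append("new_ip")
    if w.address not in acct.known_addresses:
        reasons.append("new_address")
    return reasons

def challenge_text(w):
    """What the user is shown before approving: the action itself, not just 'enter code'."""
    return (f"WITHDRAW {w.amount} {w.asset} to {w.address} "
            f"from IP {w.source_ip} (request {w.request_id})")

def confirmation_code(secret, w):
    """6-digit code derived from the challenge text, so it approves only this withdrawal."""
    mac = hmac.new(secret, challenge_text(w).encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

def authorize(acct, w, code=None):
    """Return 'allow', 'deny', or 'hold:<reasons>' while confirmation is still needed."""
    reasons = risk_reasons(acct, w)
    if not reasons:
        return "allow"
    if code is None:
        return "hold:" + ",".join(reasons)
    if not hmac.compare_digest(code.encode(), confirmation_code(acct.secret, w).encode()):
        return "deny"
    acct.known_ips.add(w.source_ip)        # remembered only after explicit approval
    acct.known_addresses.add(w.address)
    return "allow"
```

Because the code is computed over the challenge text, a code the user entered for a login prompt, or for a different destination or amount, does not release the held withdrawal.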

 



© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.