Hello
Just saw that this guy (https://bitcointalk.org/index.php?topic=2069938.0) has the same problem
I also got hacked yesterday. I made a ticket 18h ago but i still got no answer from Bittrex.
Here is what happen:
I was already logged in and i was on the wallete page.
I hit the "F5" button to refresh the page and it starts loading and loading and loading...
After 2-3mins it's still loading. So i closed the browser and tryed to login again...
I enter username and password, press enter and then i get the info "security check - checking your browser before accessing bittex - can take up to 5 minutes"
So i wait... Then i get to the next step. Enter the code for the 2FA. I enter the code and i have to wait again "securitx check - checking....ect"
I don't get access cus it takes to long. So i have to try 2-3 times...but no success.
I closed my browser, cleaned the cache, tryed agein...no success.
I closed my browser again, cleaned cache and coockies, tryed again...and yes...access...i'm back in.
So i open my wallet...and there is a "Pending Withdrawal"! - Status of the Withdrawal "Authorized"!
I was like: What the ####!!!!
I hit the cancel-button again and again but it was to late. Transfere had alredy started.
So i mad a printscreen, opend a ticket and send it to the bittrex support. After the transaction went through, i also had the txid. I made a new printscreen and send that also to bittrex support.
Then i checkt the logins on the bittrex page and i see an ip-adress the tha is not mine and made a printscreen.
Next step: ip address lookup....the ip address is from Russia (another printscreen)
And no, i don't live in Russia....
Well, as i said in the begining...i made a ticket 18h ago...and i still got no answer
Just saw that this guy (https://bitcointalk.org/index.php?topic=2069938.0) has the same problem
I also got hacked yesterday. I made a ticket 18h ago but i still got no answer from Bittrex.
Here is what happen:
I was already logged in and i was on the wallete page.
I hit the "F5" button to refresh the page and it starts loading and loading and loading...
After 2-3mins it's still loading. So i closed the browser and tryed to login again...
I enter username and password, press enter and then i get the info "security check - checking your browser before accessing bittex - can take up to 5 minutes"
So i wait... Then i get to the next step. Enter the code for the 2FA. I enter the code and i have to wait again "securitx check - checking....ect"
I don't get access cus it takes to long. So i have to try 2-3 times...but no success.
I closed my browser, cleaned the cache, tryed agein...no success.
I closed my browser again, cleaned cache and coockies, tryed again...and yes...access...i'm back in.
So i open my wallet...and there is a "Pending Withdrawal"! - Status of the Withdrawal "Authorized"!
I was like: What the ####!!!!
I hit the cancel-button again and again but it was to late. Transfere had alredy started.
So i mad a printscreen, opend a ticket and send it to the bittrex support. After the transaction went through, i also had the txid. I made a new printscreen and send that also to bittrex support.
Then i checkt the logins on the bittrex page and i see an ip-adress the tha is not mine and made a printscreen.
Next step: ip address lookup....the ip address is from Russia (another printscreen)
And no, i don't live in Russia....
Well, as i said in the begining...i made a ticket 18h ago...and i still got no answer
This is weird... How the 'hacker' was able to gain access to your email PLUS your 2fa is pretty much baffling. Plus he was able to withdraw an amount from a foreign IP without letting off any alarms in the bittrex security system which is supposedly one of the most secure in the industry.
I've seen other complaints similar to this one and this definitely isn't an isolated case.
It could well be an insider job, however there is nothing that you can do to prove it. Bittrex will probably think that you are faking all this and trying to get extra money, so they probably won't give you the money even if you are obviously telling the truth because if they set a previous example then everyone will just fake theirs. It's quite easy, a VPN is all you need. I'm not saying that you faked it, though, just to be clear.
Are there any vulnerabilities that could have led to the demise of your account?