Guys, on Telegram groups I'm reading about various people who got their Bittrex accounts hacked despite using the 2FA, is it true?!
Its impossible. They don't know what a hack is. Ask them if they enabled their API? If it is then they dont realize that its a key to their account and if someone got hold on it then they can use their account. They just don't understand what an API means and what it can do.
Very simple, don't enable your API.
It's not necessarily a hack, it's a phish. The fake site asks the user for their login and 2FA, then says it failed, wait a few minutes then try again; then when the user tries again, it uses the second 2FA code to withdraw funds. No API required for this, it can be done by front-end HTTP requests.
Quite sophisticated phishing hack, but it's definitely possible (as that is what is happening).
phishing is a very old way of getting login details of other people by deceiving them that they are using the same website but in reality its fake. it very hard to think that people will get into crypto currency and still does not even know what phishing is and still getting bait on that.
its really possible and common thru the use of API. because some users dont know what an API means, its a way to give access to an external application to control your account. so if you give away your API to other website or untrusted application then its just the same as handing out your house key to a stranger and then you will be surprised how where they able to get inside your house.