My account was hacked on HitBTC

hitbtc
exchanges
cybersecurity

#1

My account was hacked but luckily I did not have any funds in the exchange…

I received an email today saying there was a successful log in to my HitBTC account from the USA.
And of course I was not in the USA. So I immediately logged on by typing the exchange address directly in the web browser and did a password reset.
After resetting the password and activating the 2 factor authorisation,
I checked the login log, to find that the hacker somehow knew my email address and had been able to reset my password.

I was lucky to have not lost anything. But any coins I might have had in the exchange would surely have been taken…

So word of advice to anyone… don’t keep anything on exchanges and use two factor authentication…

I also seriously question the security of HitBTC, since they did not hack my email to change my password…


#2

I received two of those emails. I thought they may have been phishing emails though the link in the emails looked secure and legit. I emailed HitBTC to ask them about it and am waiting for a response. It’s a crypto exchange though so I’m not expecting any response within the next three years.

Funny thing is, I don’t even remember opening a HitBTC account…


#3

Go into your account and check the activity log. See if they actually managed to enter your account.
I thought it was a phishing email too until I saw the log.


#4

I’ll take a look at some stage. Like you I didn’t have anything in there. No 2FA I’d imagine too. That 2FA is important.


#5

I just did a quick search of the USA IP address and apparently it is a well-known hacking group.


#6

The exact same thing happened to me last night, the attacker was able to somehow intercept the e-mail and reset the password, but they did not gain access to my account as I had 2FA enabled. The interesting thing is that they used the exact same IP addresses, from the Netherlands and Matawan, USA. The password reset e-mail comes from a “…mandrilapp.com” server, so I am assuming that it (or HitBTC itself) has been compromised, since I run my own mailserver (with ESMTPS) and there is no evidence of a hack on my end.


#7

3 days down. 1092 to go.


#8

#9

The delay to respond to tickets is not news on an exchange, but what is revealing is that the same attack, from the same IP addresses, is happening 2 days later and they have not closed the breach. It seems it has been happening for some time, from this blog article from October 27: https://blog.hitbtc.com/security-accouncement-on-hitbtc-passwords-recovery-system/


#10

I know it’s not. It’s the same with almost all of them in my experience.

Yes, that’s very fucking poor. I don’t think I’ll be using HitBTC any time soon.


#11

Yes. As I said, the IP address of the Matawan USA access is one of a known hacking group… why would those IP addresses not be blocked as standard procedure… There must be a list of the IP of known hacking groups out there. I am sure even McAfee antivirus would have a list of them to compare against.


#12

Mine was also attacked: I live in Dubai, but someone from Mexico just joined.

2018-09-07 07:47 Sign-in Desktop Chrome 67.0 WinNT 177.242.42.68 Querétaro City, Mexico
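
An added example, not part of any post above and not HitBTC's own tooling: one way to run the check the thread recommends (review the activity log, compare addresses against a blocklist) over exported sign-in entries. The line layout is assumed from the single entry quoted in post #12; the function names, the second and third sample lines, and the blocklist range are constructed for illustration.

```python
import ipaddress
import re

# Layout assumed from the one activity-log line quoted in the thread:
# <date> <time> <event> <device browser OS> <IPv4> <city>, <country>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<event>\S+)\s+"
    r"(?P<client>.+?)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<location>.+)$"
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = ipaddress.ip_address(rec["ip"])  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    rec["country"] = rec["location"].rsplit(",", 1)[-1].strip()
    return rec

def review(lines, home_countries, blocked_networks=()):
    """Return (line, reasons) for every entry that deserves a second look."""
    nets = [ipaddress.ip_network(n) for n in blocked_networks]
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            findings.append((line, ["unparsed entry"]))
            continue
        reasons = []
        if rec["country"] not in home_countries:
            reasons.append("unexpected country: " + rec["country"])
        if any(rec["ip"] in net for net in nets):
            reasons.append("address on blocklist")
        if reasons:
            findings.append((line, reasons))
    return findings

SAMPLE_LOG = [
    # First line is the entry quoted in post #12; the other two are constructed.
    "2018-09-07 07:47 Sign-in Desktop Chrome 67.0 WinNT 177.242.42.68 Querétaro City, Mexico",
    "2018-09-07 09:12 Sign-in Desktop Chrome 67.0 WinNT 203.0.113.10 Dubai, United Arab Emirates",
    "2018-09-08 02:31 Sign-in Desktop Chrome 67.0 WinNT 198.51.100.7 Dubai, United Arab Emirates",
]
BLOCKLIST = ["198.51.100.0/24"]  # constructed; a real list would come from a threat feed

if __name__ == "__main__":
    for line, reasons in review(SAMPLE_LOG, {"United Arab Emirates"}, BLOCKLIST):
        print("; ".join(reasons), "<-", line)
```

The third sample entry geolocates to the expected country and is caught only by the blocklist, which is why the two checks are kept separate.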