My account was hacked on HitBTC

hitbtc
exchanges
cybersecurity

#1

My account was hacked but luckily I did not have any funds in the exchange…

I received an email today saying there was a successful log in to my HitBTC account from the USA.
And if course I was not in the USA. So I immediately logged on by typing the exchange address directly on the web browser and did a password reset.
After resetting the password and activating the 2 factor authorisation.
I checked the login log. To find that the hacker somehow knew my email address and had been able to reset my password.

I was lucky to have not lost anything. But any coins I might have had in the exchange would surely have been taken…

So word of advice to anyone… don’t keep anything on exchanges and use two factor authentication…

I also seriously question the security of HitBTC also since They did not hack my email to change my password…


#2

I received two of those emails. I thought they may have been phishing emails though the link in the emails looked secure and legit. I emailed HitBTC to ask them about it and am waiting for a response. It’s a crypto exchange though so I’m not expecting any response within the next three years.

Funny thing is, I don’t even remember opening a BItBTC account…


#3

Go into your account and check the activity log. See if they actually managed to enter your account.
I thought it was a phishing email too until I say the log.


#4

I’ll take a look at some stage. Like you I didn’t have anything in there. No 2FA I’d imagine too. That 2FA is important.


#5

I just did a quick search of the USA IP address and apparently it is a well known Hacking group.


#6

The exact same thing happened to me last night, the attacker was able to somehow intercept the e-mail and reset the password, but they did not gain access to my account as I had 2FA enabled. The interesting thing is that they used the exact same IP addresses, from the Netherlands and Matawan, USA. The password reset e-mail comes from a “…mandrilapp.com” server, so I am assuming that it (or HitBTC itself) has been compromised, since I run my own mailserver (with ESMTPS) and there is no evidence of a hack on my end.


#7

3 days down. 1092 to go.


#8

#9

The delay to respond to tickets is not news on an exchange, but what is revealing is that the same attack, from the same IP addresses, is happening 2 days later and they have not closed the breach. It seems it has been happening for some time, from this blog article from October 27: https://blog.hitbtc.com/security-accouncement-on-hitbtc-passwords-recovery-system/


#10

I know it’s not. It’s the same with almost all of them in my experience.

Yes, that’s very fucking poor. I don’t think I’ll be using HitBTC any time soon.


#11

Yes. As I said, the IP address of the MATAWAN USA access is one of a known hacking group… why would those IP addresses not be blocked as standard procedure…There must be a list of the IP of known hacking groups out there. I am sure even Mcafee antivirus would have a list of them to compare against.


#12

MIne was also attacked :I leave in Dubai, but someone from Mexico just joined.

2018-09-07 07:47 Sign-in Desktop Chrome 67.0 WinNT 177.242.42.68 Querétaro City, Mexico


#13

Apart from using 2FA (this is the basic protection tool for all exchanges) and immediate withdrawing funds to private wallet, I can recommend using more secure platforms. There is no reason to list all of them here, as you can easily found reviews and recommendations as this one about bitquick - http://bitority.com/review-of-bitquick/, or other similar articles, where you can determine whether this exchange protects your crypto or not. In addition, you may notice that some sites like LocaBitcoins, Paxful or BitQuick match users' orders without storing money in the system. They also support cash deposits, so you even can pass the stage of online payment. For the most reliable trading, use decentralized exchanges but be ready to strange interface.