My Safex got stolen from bittrex


2FA wasn’t enabled… I had account for only few hours actually and thought to enable it later. After hijacking the guy enabled 2FA so I can’t access my account anymore, same thing happened to ChilleWilli. When I got home my mac still had opened account so I managed to see my balance was 0 and to get info where the coins dissapeared. Guy also sold all the safex into btc and transfered them out… Same story as ChilleWilli basically.

@rob yes, it was a typo in text, I was pretty pissed off yesterday and writting quickly here :slight_smile:.
I checked whole history from the phone and everything looks fine, every url is from

In few days I will post exactly how it happened so you can all be aware of these kind of scams/hacks. I plan to get back to safex, community and trading but I will need some time to consolidate myself. $1.2k is not much money but it is pretty painfull to lose it this way.


Thanks for the link, very good explanations there… I will check the URL’s for API calls and let you know.
I was using iphone at the time it happened, all URLs are starting with and possibility of hijacking from outside or faking the URL is almost impossible unless Apple has some serious security problems :wink:


Also check its https:// otherwise some wifi hacks can do sidejacking if the hacker is on the same wifi as you


I was using 3G connection at the time. Wifi was disabled as I rarely use it because of these things… As more and more I look I start thinking that my email was breached first, not directly from phishing. But how did it happened the same moment I tried to login into bittrex, and how the hacker knew my email address… Also the coins were there for only 2-3h on my acc. so everything happened really fast and in right moment for him. Very strange, the same day I decided to enter the market.

My gmail was logged in with unrecognized device first, then he reset password on bittrex, logged, enabled 2FA on his side, transfered the funds and voila. Gone. Total time he needed for this after email breach = 4 minutes. And I realized it after 45 mins as I left my phone, mails weren’t synchronized at the moment etc.

Phishing option was most obviuous because everything starting with me trying to login to bittrex from phone but I don’t see any suspicious URL in history… I went to login, entered credentials and next step was to enter my phone number as I remember (also bittrex dialog). Then I started receiving google codes to phone (although I didn’t had 2FA enabled), entered the code to authenticate and safari was frozen. I left my phone, thinking to try again later when I get home and check everything as these things often happen with my phone…


Like Jhon Mcafee said, you cant trust your phone, very easy to hack. And you cant trust your coins on exchanges, just buy coins and transfer to offline wallet immediately.


Add to the above:

  1. Create your private key and store it somewhere very safe.
  2. Copy your data file to external storage and ‘air-gap’ it (offline).
  3. Uninstall safex wallet, data file and private key from your computer.


Fairly good precaution in going to new sites or exchanges is accessing it with reputable links.
I think It’s safe to say we’ve all been burned at one point or another. Some more than once. The majority of us will get burned again “Don’t you put that on me Ricky Bobby”. :sweat_smile: Truth is these are the most expensive, but most effective lesson we can learn. Warn others, walk family thru setting up their accounts, etc, etc.


What do you think will your 4M Safex coins be worth if the remaining 98%-99% of the earth population perceives crypto as something that is hard to protect, easy to get scammed - only for nerds and thus not ready for mass adoption. You are really smart!


You seem like a very pleasant person. It’s great to have you in the community.


#1 rule…You never leave coins on an exchnage.


I am curious did you have 2FA enabled? I trade on Bittrex frequently along with 5 other exchanges there are certain precautions I take, one is always enabling 2FA the rest are a different email address, password for every account, and I never use public wi-fi, always have my 2FA on a tablet and not my phone and that always stays home. I am sorry to hear about your loss and hope you can recover.


Yes, i did have 2fa but, email was comprimised and i had same passwords for bittrex. Stupid me. My fault. But my 2fa was used against me so i could not access my account either. Sorry about delayed response, been inactive trying to recoup.


Thank you. I will look in to this.