Bittrex Account Security - Protecting your account 1 step further using IP/Withdrawal Whitelisting

in #bittrex7 years ago (edited)

Hi Everyone!

This is my first post and although there is not a lot of content - I feel this post will help a lot of you, and I do apologies if it has been posted before.

I am part of several Crypto currency communities and every few days I see posts from people who have lost everything due to their Bittrex accounts being compromised.

Recently as many of you are aware.. there was a phishing site listed on google ads. The site was for Bittrex. So if you "Googled" for Bittrex, the top result listing was for the Bittrex website.. however this was of course a fake site.

People entered this site, entering their credentials as well as their 2FA code. This information is then passed directly to the "hackers" where they pass that information into the real BIttrex site.. gaining access to your account.

There are obviously several steps you can take to avoid entering a fake site.. but i'm sure that information has been posted here multiple times :) (Ensure Two Factor Authentication is enabled, make sure the URL matches, saving the real bittrex website as an internet favorite etc)

Within your Bittrex account settings there is an option for "IP Whitelist" and "Withdrawal Whitelist".

IP Whitelist

You can whitelist public IP's for Withdrawals. If you browse to whatsmyip.org in your internet browser, it will give you your public IP Address which is allocated to you via your internet service provider. Add this to your Bittrex whitelist so withdrawls can only be made from your home or workplace. Please note that not all ISP's will give you a STATIC public IP Address so it can change frequently.. You will need to contact your internet service provider to find out of it's static or public. If it's dynamic (which means it changes frequently) you will need to update this IP when you wish to withdraw.

If you do happen to log into a Phishing site, the hackers will require your 2fa password a 2nd time to be able to withdraw - by this stage the existing 2fa code they used to get in will have expired.

Withdrawal Whitelist

This option essentially whitelists specific currencies and what wallet address they are allowed to withdraw to.
If your account is compromised and they try to withdraw your funds to a wallet that is NOT on the whitelist - it will fail.

Obviously you will need to ensure you have Two Factor Authentication enabled so if your account is compromised, they cant change your whitelisted addresses without obtaining your 2FA code again!

I hope this helps :)

Thank you!

Sort:  

Congratulations @xsmilinx! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!