Bittrex - Update - Probably my Fault.

It has been a very rough 24 hours. No sleep, and not knowing how this happened has been driving me up the wall.

I want you all to know I appreciate the support; you have all been awesome. Love Steemit.

I have been on a mission

I have been in the Coinigy Slack to ask for advice, etc. William was kind enough to help and mentioned that Bittrex should be able to see if they made the withdrawals using the API or the UI.

Another factor is that the withdrawals were already made before I logged in at 2:32 am, so I am sure they should be able to see where and what IP was used for this.

I am not expecting to get the funds back, but I really want to know how I was compromised. If it was a mistake I made, then I want to know so I can fix it. If nothing else comes out of this, maybe it will help people not make any of the potential mistakes I made, if I did.

I want to thank everyone for the messages and kind words. You all on Steemit rock, and I am so happy I am still here and part of the community.

I also want to thank Jona Derks (partner in the account), who has been awesome through all this and helped me tough it out and helped make sure the other 4 BTC wasn't taken.

I will keep everyone updated on what's going on and, hopefully, I can find out exactly what happened.




UPDATE: We now know how it was executed.

I am being 100% transparent here so I want you to see what I see so it makes it better for all of us. It is quite possible it was a mistake made on my part and I am willing to take the blame.

Bittrex has just got back to me after I submitted all the details they needed to investigate. Thanks to Niri for the fast response.


Here is my submitted ticket to them and all their responses:

REQUEST #98214 WITHDRAWS NOT AUTHORIZED

Shayne Rivas-Shiells Today at 22:48

Early this morning between the hours of 1 am and 3 am my account was compromised and I lost 5.397 BTC and 1899 PIVX. I was fortunate enough to log in at 2:32 am and stop them from stealing the rest of the funds. I also have captured this on video so I can show you what was happening. It was the hardest thing I have ever had to go through. I worked hard every day and made sacrifices for my family to try and provide a better life.
Here is a link to the video.

Here are the transactions in question:


Also, maybe you can track them by the times they were using the account. I logged in at 2:32 am and the 4 transactions had already been made; I was fortunate enough to quickly cancel an XEM withdrawal they were attempting. They were in the account at the same time as I was, as you can see in the video. I also have the full-length 2-hour video I captured through all the drama, but obviously didn't upload the full video to YouTube. I can provide that if you need it. I'll attach a screenshot. Also, William from Coinigy mentioned you may be able to see if they used the API or UI to make the 4 transactions. http://prntscr.com/fn51tz Anything you need to assist you, I am here. I haven't slept since this happened, so I am here if you need me... thanks... Shayne.

BITTREX RESPONSE

Niri Yesterday at 23:19

Hi Shayne,

I had a chance to watch your video. It was really tough to see your account get drained like that. It's obvious from your story that you've worked hard on building up your account. Bittrex takes the security of your account very seriously, offering Two-Factor verification, login notifications with Account Disable link and IP Whitelisting to prevent unauthorized access.

Checking your account history, we can see, however, that these sales are happening through API calls.

| Time Stamp | Address | User Agent | Activity |
|---|---|---|---|
| 06/22/17 09:55:37 | 78.129.186.234 | | WITHDRAWAL_APIV1_SUCCESS |
| 06/22/17 09:45:17 | 78.129.186.234 | | WITHDRAWAL_APIV1_SUCCESS |
| 06/22/17 09:11:57 | 78.129.186.234 | | WITHDRAWAL_APIV1_SUCCESS |
| 06/22/17 09:07:06 | 78.129.186.234 | | WITHDRAWAL_APIV1_SUCCESS |
| 06/22/17 08:58:33 | 78.129.186.234 | | WITHDRAWAL_APIV1_SUCCESS |
| 06/22/17 08:32:42 | 78.129.186.234 | | WITHDRAWAL_APIV1_SUCCESS |

The IP address appears to originate from London, UK.

Is it possible your API key was compromised?

Thank you,

Niri @ Bittrex

Follow us on Twitter @ https://twitter.com/BittrexExchange

Shayne Shiells Yesterday at 23:27

Heya, thanks for the speedy reply.

It may be possible. I made many video tutorials showing Bittrex and Coinigy using the keys, but I was positive I always deleted any keys that I used in the videos. Is it possible to know what keys were used in the calls?

Niri Yesterday at 23:50

Hi Shayne,

Thanks for updating the ticket.

For security reasons, we do not store and display the API keys you are using to our Support agents.

I would recommend revoking and removing your API keys considering what you have been through today. You have taken great measures protecting your account but unfortunately one of your API keys got in the wrong hands. Hackers write bot programs around API keys and can quickly drain an account of all coin.

Thank you,

Niri @ Bittrex




So it seems somehow my API keys were stolen. Now, this could quite possibly have been my fault, as I have used API keys in video tutorials before and may have somehow deleted the wrong ones and not double-checked before I uploaded the video. You can see in this particular video below. I take full responsibility for my actions if this is the case.

time: 3:10


If you read the first Bittrex response from Niri, you can see they found the transactions, and they were in fact executed through the API, and it was from an IP address in the UK.

I have always tried to be as careful as possible when it comes to security, but no one is perfect, and this has been a valuable lesson to me.
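As an added example (not part of the original post, and not Bittrex's own tooling): a check an account holder could run over an activity history laid out like the table Niri posted, flagging API withdrawals from addresses outside an expected range and bursts of API withdrawals in a short window. The comma-separated layout, the `parse` and `review` functions, the thresholds and the sample rows (documentation-range IPs) are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample rows: timestamp, address, activity (same columns as the
# table in the ticket). IPs are from documentation ranges, not real hosts.
SAMPLE_LOG = """\
06/22/17 08:32:42,203.0.113.50,WITHDRAWAL_APIV1_SUCCESS
06/22/17 08:58:33,203.0.113.50,WITHDRAWAL_APIV1_SUCCESS
06/22/17 09:07:06,203.0.113.50,WITHDRAWAL_APIV1_SUCCESS
06/20/17 14:10:00,198.51.100.7,WITHDRAWAL_APIV1_SUCCESS
"""

def parse(log):
    """Yield (datetime, ip, activity) tuples, skipping malformed rows."""
    for line in log.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            yield (datetime.strptime(parts[0], "%m/%d/%y %H:%M:%S"),
                   ip_address(parts[1]), parts[2])
        except ValueError:
            continue  # bad timestamp or bad IP: ignore the row

def review(log, allowed_nets, burst=3, window=timedelta(hours=1)):
    """Return (api_withdrawals_from_unknown_ips, burst_start_times)."""
    nets = [ip_network(n) for n in allowed_nets]
    api = sorted((e for e in parse(log) if e[2].startswith("WITHDRAWAL_API")),
                 key=lambda e: e[0])
    # API withdrawals whose source address is outside every expected network.
    unknown = [e for e in api if not any(e[1] in n for n in nets)]
    # A burst starts at any event followed by enough others inside the window.
    bursts = []
    for i, (start, _, _) in enumerate(api):
        in_window = [e for e in api[i:] if e[0] - start <= window]
        if len(in_window) >= burst:
            bursts.append(start)
    return unknown, bursts

if __name__ == "__main__":
    unknown, bursts = review(SAMPLE_LOG, ["198.51.100.0/24"])
    for when, ip, activity in unknown:
        print(f"unexpected source {ip} at {when}: {activity}")
    for start in bursts:
        print(f"burst of API withdrawals starting {start}")
```

The same allowlist logic is what exchange-side IP whitelisting on an API key enforces before the call is accepted, which is why a leaked key alone is not enough when it is enabled.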

And Finally

Thanks to everyone that supported me and knows me as a person inside and outside of Steemit and knows I would never create something fake or deceive anyone like some people have stated in various places. I am here to help people and have been doing so all my life.

Thanks to @bittrex for responding so fast and letting me know how they took the funds, I am glad I at least know now the mistakes that were made.

Peace everyone!
