The affected user ensures that the exchange breached its security policies, which resulted in the theft of more than USD $9 million in Bitcoin funds.
Bittrex, the international exchange platform with one of the largest volumes of commercial operations, is currently facing a lawsuit from an investor, who allegedly lost his funds due to a security breach.
According to published reports, investor Gregg Bennett filed a lawsuit before the King County Superior Court in Washington, alleging that Bittrex violated its own security protocols and did not promptly address the case that resulted in the theft of at least about 100 BTC (USD $9,415,000).
The attack took place during the month of April of this year, and for this the criminals violated the security measures by replacing a SIM card of the mobile operator AT&T, thereby subtracting the identity data of Bennett and they appropriated their funds hosted on Bittrex.
According to Bennet and his lawyers, Bittrex did not act in accordance with the security protocols following Bennett’s notification, which resulted in the loss of the stolen funds minimizing the chances of finding the culprit and finding the corresponding assets.
Although there is no official response regarding Bennett’s case, the exchange’s CEO, Bill Shihara, said the platform manages a very strong system to avoid security breaches, including two-factor authentication system, and confirmation through email for operations when performed from an unknown IP address.
Shihara took advantage of the space to remind users that many of the security violations occur on the side of the people who operate on the platform, so in the case of what happened with the SMS reminded the public not to trust the cell phone As a unique security method, since once hacked this, everything is unfortunately possible.
In this regard, Shihara commented:
“This problem requires many solutions and layers of security … We always remind users not to blindly trust their phones, since it is possible that the device will be controlled by other people”
There are suspicions of an internal job
Another of the hypotheses presented by Bennett suggest that the hacking was possibly derived from an internal job, and although it does not indicate who the suspicions fall on, it ensures that changes to your account PIN and associated identification numbers are very strange, information that only the telephone service provider company managed.
An AT&T spokesman, Jim Greer, reiterated that the company does its best to maintain the safety of its users, but also echoed Shihara’s statements inviting people not to rely on their phones for the security of their assets. value:
“SIM card exchanges are part of a type of theft perpetrated by sophisticated criminals. We work together with the authorities and consumers to stop and prevent such crimes.”
Is the exchange guilty?
Clarifying more details about the attack, Bennett said Bittrex failed to comply with its opinions as it did not properly address certain irregularities, such as the fact that the operations were carried out from an IP address in Florida and from an operating system other than the one it usually uses.
In addition to the above, the exchange allowed criminals to extract 100 BTC from their account, which goes well beyond what is allowed without further verification mechanisms. In addition, hackers also took other digital currencies housed in their wallet, exchanged them for Bitcoin at very affordable prices for buyers and stole them along with the rest of the capital.
Other funds were left in the account that hackers could not take away, since Bittrex finally responded to Bennett’s claims and suspended unauthorized withdrawals from the account. However, the complaint of the affected party is aimed at the criminals modifying their passwords, to which the exchange should suspend withdrawals for at least 24 hours, which other platforms do as a security measure.
At the moment it is unknown if Bittrex is in fact responsible for the loss of the funds or if they will return them to the affected investor.