A lawsuit that claims Bittrex is an irresponsible exchange that has been filed in Washington State. Although the hackers used SIM swap to steal the victim’s identity and alter his passwords, Bittrex is being sued for its inefficient security standards.
On April 15th Gregg Bennett, a serial angel investor noticed some suspicious activity on his Bittrex account. Least did he know his online identity had been hacked using SIM swap over the AT&T carrier. The hackers seized Bennett’s cell phone and were successful to gain access to his passwords.
In the process bitcoin worth 1 million USD was stolen from Bennett’s account with Bittrex exchange. And the lawsuit is being filed as seemingly the major exchange ignored Bennett’s warnings for over 24 hours. As soon as Bennett detected some suspicious activity on his Bittrex account, he alerted the exchange. A ticket was raised using an email as that seems to be the only way to reach Bittrex. But the exchange did not act upon it for the next 24 hours.
Meanwhile, hackers made way with Bennett’s 100 bitcoins. According to the victim, the exchange’s security is severely flawed and fails to meet the standard practices. Why does he say so? Let us try to understand:
1) Email is the only way Bittrex users can get in touch with the team even for urgent issues. An issue like this required immediate action and the exchange failed to do so.
2) Bennett’s account was logged in from a different IP address and operating system. This kind of activity is considered to be suspicious according to the industry standards. The victim must receive a notification in such a case.
3) His Bittrex account password and 2-FA were changed. According to standard practices, the exchange should have frozen the transfer activities for the next 24 hours.
As the lawsuit states, Bennett made multiple attempts to alarm Bittrex within the 2 hours of his account being attacked. But it took exchange 24 hours to respond and act upon it. And Bennett has all the reasons to believe that Bittrex is unaware of hack preventions.
He blames Bittrex for being unfair, deceptive and irresponsible that leads to his 100 BTC loss. And that’s not it. For Bennett convincing Bittrex that his account was hacked turned out to be the biggest battle.
Not only did the exchange fails to maintain the security practices, it was slow to act upon a case of extreme urgency. As per Bennett he had to knock CEO Bill Shihara’s doors so that the exchange would acknowledge the hack. On October 28th Bennett filed a lawsuit against Bittrex and according to him, he wants to make sure that the community is aware and educated about such security gaps.
Bennett is a veteran angel investor and is hell-bent to get back his BTC worth 1 million USD. In the last couple of weeks, we have witnessed some high-profile hacks and it seems the Bittrex hack lawsuit is going to be one of them now.
Want to learn more? This article might be of interest to you: