Your funds are on the purses of the BITTREX exchange are in great danger !!!

You assume a certain risk in giving your API keys to untrusted sources and not revoking old keys.

The linked thread suggests there is more to the story than you are telling us. But suppose for a moment that what you claim is true, that an API key not authorized to withdraw somehow can withdraw, even without confirmation. Suppose an exchange had such a serious bug. Your only attack vector remains a compromise of your API keys. If you really have or had six different active API keys, it's kind of unreal that you're blaming the exchange, instead of chasing after the services and software you fed all these API keys into, or even telling us why it's not possible any of the API keys were compromised.

But there's alread a sea of responses telling you that.

/r/Bitcoin Thread