Topic: Almost lost all of my coins in an exchange last week (Read 892 times)

Yes, you are correct on all. 

And it was a very stressful and helpless moment.  At the time when I was trying to get into my account, 4 times had already tried, so only one try away from my account being locked.  And once it is locked I would not be able to get any help because they would not reply to my email nor I can submit a help ticket because US customers are no longer served.  Moreover, even after I successfully reset my password and regained my account, I still need to find solutions to move my coins out.  At that time, I was so stressed out, but I still need to search for solutions and learn how to implement my solutions with different wallets and tools.

Before I figured out where to move most of the coins to, I was also worry that if the exchange would not let me withdraw, if the phone which has the Google Authenticator installed broke for good (since the battery on that phone is bulged), and if the hacker will strike again before I moved my coins out.  I was also racing against time.

Last night I just realized that I could use VPN to set up a new account from the same exchange, move my coins there, immediately convert them to BTC or ETH, and transferred the BTC out to other accounts, ie, a hard wallet.   This would be the easiest way.  Even though doing so may also incur some potential risks.

The exchange he was using was the first one on your list of good reputation exchanges. So the instead of saying trust this or that exchange it should be said to trust no exchange and as soon as you can to get your coins into your custody. Glad that you were able to remedy the situation I'm sure that was a very stressful thing to have happen.

Very sad. I suggest you to never put money on small, fake and untrusted exchanges. Only put money in exchange that  has a good reputation in the market such as binance, kucoin, bitmex, houbi etc. Our money stay safe in big exchanges. There are many fake exchanges in the market so we should avoid them.

The good things is atleast you recovered your assets and you can still trade it in other available exchanges Binance has a well secured parameters to avoid hacking attempts next time if you do not want to ip banned then why not use a vpn a premium one I think this is also use by other US customers as I can read.

Google authenticator isn't the only one, there are tons of authenticators available and one of the best is Authy which is available for both Android and IOS which also provides some of the features like desktop version and mobile transfer.

You can choose any authenticator you want, all you need to do is to just scan the codes or enter the provided key to enable 2FA.

No one is immune from a data leak or breach on an exchange, but the less access to different sites can minimize the credentials  info losses.

I don’t remember if any authenticator beside Google are offered in the exchange.

Dedicated email to register on exchanges right? But still the information can be leaked from exchange or sold by exchange itself since it happened in the past so use email in your primary mobile and the authenticator on separate mobile better consider using Authy which is better than Google Authenticator.

Of course, I agree with you that in most cases it is better not to store your cryptocurrency on exchanges. But let's say, if you are a trader, then it is very stressful, especially when the network is very busy now ...

That is a good idea.  If affordable, use a dedicated phone for Google Authenticator and the email.  The email address should be dedicated for investment accounts only.

I have a sim lock on my phone number so that it cannot be transferred to another devise unless I go to the store in person with valid IDs.

It's a good thing that you got your assets back, but be careful next time, there's lot of news nowadays that their wallet is being hacked, the easiest and well-known type of hacking is phishing, many people click some links that can gather all their info, maybe you use your account in online stores since you are in the US, maybe you buy on Amazon and you linked it with your credit card or your PayPal in which you have your full info and that info can be used to open your account. I used google authenticator and sms verification too the phone that I am using doesn't have any apps just email and authenticator for me to prevent hacking.

It won’t be because of the price are going up.  Because if they just withdrawal the coins to their account without converting them to fiats, the coins would be as they are. 

^ I did this before when I was very active in trading back then. I regularly check my balance on the exchange where I left my money as an investment to ensure that there is progress on my investment or something plan how can I recover those losses. Sometimes there are gains but mostly it turns out losses. However, I never withdraw my investment on the exchange if my profit was not there, once I am invested as capital in trading, why not just risk my money for potential ROI. Nevertheless, good to hear about your fund back.

I am relived that you were able to fix the issue on your own. That is a very disturbing experience, what you have experienced there. I am glad that you were able to get all of your cryptos out of that exchange. From the looks of it, somebody is trying to get your coins through illegal means. Only thing I can think of is that it might be a compromised account that was being acessed by someone who know some of your credentials. Of course we cannot say it might be inside job but who knows?

But how can you keep your asset stored on an exchange and you’re not checking it steady to know what’s up with them? That’s some kind of risk you took there, you really have to be very careful, because exchanges are not really that safe and if you are not careful you can lose your money or they can get hacked and your money is gone. You supposed to be storing in hardware and offline wallets as you’re doing now.

As for the question you asked about  the hacker not moving the funds immediately, I guess maybe he thought he has gotten full access to the account and felt he should keep it for now and withdraw the money later, since prices are going up? I’m just guessing though, but it’s good that you got your money out before stories that touch.

If your coins lose 80% to 90% of their original value, would you want to check your account often?

the bypassing of the google authenticator is pretty worrysome

That is really iffy and scary at the same time. I also wanted to know why it took you that long of a time to even get back on your precious investments. I know sometimes people go hodl hibernation to relieve them of the worry but it seems as though you forgot you even had them in the first place. Nevertheless I am really glad that you got your coins back, now just be vigilant as hackers are becoming more and more intelligent in taking advantage of unsuspecting investors.

You should mention the name of exchange to make others aware of it and don't lose their funds if they have account their.
There is also a possibility that your mentioning your problem here will catch the attention of exchange support and they help you.

and the error is on the individual each account owner. I still have some coins on the exchange and it's still safe. The most important thing is that you have activated all the recommended security methods such as 2FA security, verification of phone numbers and e-mails. All of this will be very useful for the security of the main exchange account created as a trade. It is true that the risk of being hacked still exists, but we have done our best and remain vigilant. Some of my assets are stored in my personal wallet and it has better security.

It is really good if you are sure with every thing you need on your account and wallet because if the wallet you are using has a good system, you can recover the bitcoin you lost or sent on a wrong address. If you already knew that your email or contact is not on you anymore, you should change it because it might only give you a head ache when you lose all your money suddenly. We should also be careful on typing bitcoin address because it may be the reason why we lose all of our money and we cannot always rely on the features that your wallet has. Even if we have that feature for free, still don't let your guard down because sometimes features like that can have a problem or maintenance. Also the disadvantage of this is anyone who knows your email and password can easily take your money even if you already sent it into another wallet since it is recoverable.