Topic: Almost lost all of my coins in an exchange last week - page 3. (Read 892 times)

full member
Activity: 350
Merit: 101
Very difficult to say whether this was an inside job or not. These sorts of attacks happen all the time. However, you made the mistake of keeping your coins in the exchange wallet. Unless you are a day trader, I don't see any point in keeping your crypto assets in an exchange wallet. I am telling this out of my own personal experience, as I have lost my coins multiple times in various exchanges.

However, a few things sound really fishy. OP is saying that the exchange didn't contact him to move the coins as restrictions are in place for US customers. The exchange probably sent an email, but it may have landed in the "spam" folder. The fact that the hacker was able to reset the password (is it even possible without Google Authentication?) could mean that either the phone number or the email address was compromised. In that case, it will not surprise me if the hacker deleted some of the emails from the exchange, even before the OP could notice them.

No emails from them are in the spam box.  I had no problem receiving their support email before they stopped responding.

Don’t know how they can hack a phone which has the Google Authenticator that is not even turned on.

legendary
Activity: 3346
Merit: 1352
Very difficult to say whether this was an inside job or not. These sorts of attacks happen all the time. However, you made the mistake of keeping your coins in the exchange wallet. Unless you are a day trader, I don't see any point in keeping your crypto assets in an exchange wallet. I am telling this out of my own personal experience, as I have lost my coins multiple times in various exchanges.

However, a few things sound really fishy. OP is saying that the exchange didn't contact him to move the coins as restrictions are in place for US customers. The exchange probably sent an email, but it may have landed in the "spam" folder. The fact that the hacker was able to reset the password (is it even possible without Google Authentication?) could mean that either the phone number or the email address was compromised. In that case, it will not surprise me if the hacker deleted some of the emails from the exchange, even before the OP could notice them.
full member
Activity: 350
Merit: 101
You know what is surprising here is why he even received codes in the email when 2FA is enabled in his account.  Why, can you choose where you want to receive the codes such as email even if 2FA is turned on?  The hacker who knew his login details tried to reset his password.  When you opened your email did it not mark as read?  This means that he will not be able to access even your email to get the codes.  Good thing that even that is already 2FA and the secondary layers of protection work.  Didn't you notice anything unusual about your account activity such as trade history?  So the hacker has not been successful in having full control or access to your account.

If some of your remaining coins are not supported by a hard wallet just use their official wallet because you are almost certain that you will hold your private keys or mnemonic phrases.  Or you can also use some trusted and recognized non-custodial wallets.

They have a 24-hour no withdrawal function after a password is changed, else, the funds would already be gone.  I reset my password using the forgot password option.  In doing so, they sent a security code to my email and I also needed to use Google Authentication in combination with the security code to reset my password.  That means the hacker needs to use the same too.  The Google Authenticator was installed on my old iPhone which usually is turned off.  There is always a risk that the phone stops working because it is semi broken as the old battery expanded and forced the touch screen surface to bulge.  But it is usable.  I cannot reinstall it on my new phone since I didn't keep the recovery key.

Good point on the "read" email comment.  No, these emails were not read when I saw them and received them.

 
full member
Activity: 350
Merit: 101
I had a bad story too.

Back in 2017 I made a very stupid mistake.

When I tried to deposit my Ethereum on Binance, I sent it to the wrong address.

I thought I was gonna lose all of my Ethereum, but luckily Binance wanted to send my ETH back and Binance Customer Service is so damn good.

It was actually a good story. 

hero member
Activity: 2464
Merit: 594
You know what is surprising here is why he even received codes in the email when 2FA is enabled in his account.  Why, can you choose where you want to receive the codes such as email even if 2FA is turned on?  The hacker who knew his login details tried to reset his password.  When you opened your email did it not mark as read?  This means that he will not be able to access even your email to get the codes.  Good thing that even that is already 2FA and the secondary layers of protection work.  Didn't you notice anything unusual about your account activity such as trade history?  So the hacker has not been successful in having full control or access to your account.

If some of your remaining coins are not supported by a hard wallet just use their official wallet because you are almost certain that you will hold your private keys or mnemonic phrases.  Or you can also use some trusted and recognized non-custodial wallets.
full member
Activity: 924
Merit: 100
I had a bad story too.

Back in 2017 I made a very stupid mistake.

When I tried to deposit my Ethereum on Binance, I sent it to the wrong address.

I thought I was gonna lose all of my Ethereum, but luckily Binance wanted to send my ETH back and Binance Customer Service is so damn good.
full member
Activity: 350
Merit: 101
Now that I got most of the assets out from there I am more comfortable to talk about it and to share my story.  Would this be an inside job given that they knew the US customers are vulnerable and helpless (since they cannot use their customer services anymore)?  Else, how can the hacker bypass the email code verification and the Google Authentication process?  This is still very unsettling to me.
Glad that you've got all the coins you have, because if you hadn't noticed that one, maybe you'd be poor now. Kidding aside, haven't you read the policy before using an exchange? You still don't have full control of your assets since you're just using an exchange site. As for the "email", maybe they got your email because you're using it to register on some other website; if that website got hacked, they can get some information that can be used to hack your email address. Glad that you've managed to recover everything. Also, not just that, bypassing everything can be done; nothing is impossible nowadays. Or maybe you downloaded some keylogger onto your computer.

I use iPad mostly. 

Now that you mentioned it, we all should use a dedicated email address for this kind of stuff.  This way, no other website can steal your information.

hero member
Activity: 1008
Merit: 540
Now that I got most of the assets out from there I am more comfortable to talk about it and to share my story.  Would this be an inside job given that they knew the US customers are vulnerable and helpless (since they cannot use their customer services anymore)?  Else, how can the hacker bypass the email code verification and the Google Authentication process?  This is still very unsettling to me.
Glad that you've got all the coins you have, because if you hadn't noticed that one, maybe you'd be poor now. Kidding aside, haven't you read the policy before using an exchange? You still don't have full control of your assets since you're just using an exchange site. As for the "email", maybe they got your email because you're using it to register on some other website; if that website got hacked, they can get some information that can be used to hack your email address. Glad that you've managed to recover everything. Also, not just that, bypassing everything can be done; nothing is impossible nowadays. Or maybe you downloaded some keylogger onto your computer.
full member
Activity: 350
Merit: 101
which exchange is at stake here?

It got mentioned in an upstairs post.

Did you check your spam box on email service? I regularly receive updates from some exchanges about delisting coins. Some of them end up in the spam/trash folder.
I also once had a similar situation where my country was disallowed from Kucoin, but they disabled all trading functions; only withdrawal was possible at the time. When the interference was removed and my country was re-approved for full access on that platform, everything returned to normal very quickly.
I want to say that in normal and professional exchanges, everything works fine.

I can receive their email telling me that they cannot support me fine without any issue.

It probably will take at least 10 years, if not ever, for the exchange to allow US customers again. 



legendary
Activity: 3472
Merit: 3507
which exchange is at stake here?
Did you check your spam box on email service? I regularly receive updates from some exchanges about delisting coins. Some of them end up in the spam/trash folder.
I also once had a similar situation where my country was disallowed from Kucoin, but they disabled all trading functions; only withdrawal was possible at the time. When the interference was removed and my country was re-approved for full access on that platform, everything returned to normal very quickly.
I want to say that in normal and professional exchanges, everything works fine.
full member
Activity: 350
Merit: 101
Ironic as it may sound, I think I'd be choosing Binance. But your situation and mine are different. You are restricted to use Binance; I am not. I am choosing Binance primarily because of their Secure Asset Fund for Users (SAFU). It is a kind of an insurance fund for their users. I guess on your part, Kraken might be a trustworthy option.

However, I'd like to emphasize that there is absolutely ZERO reason for hodling funds in an exchange wallet.

Binance is not bad if you have access to it.  It is a risky business on what's all going on nowadays.  For US customers, it is a loose situation. I hope every one of them will be able to get their coins out safely.
legendary
Activity: 2576
Merit: 1860
The foreign exchange was the "B" exchange... 

Just as I suspected. But lucky for you you've managed to take most of your assets out. And while you still can, take them all out and move them somewhere very safe. Since you mentioned that you intend to HODL your funds, then I suggest you don't keep them in an exchange wallet. A hardware wallet is much preferable.

I won't jump into accusing Binance of an inside job. But I've also read a situation somehow similar to yours a few months ago. I can't find the thread but it was also a case of breaking into the account surpassing both email verification and 2FA. I'm not sure if it was also Binance but I think it was.

If you were selecting an exchange for the long hold (beside using hard wallet) which one would you trust better?

Ironic as it may sound, I think I'd be choosing Binance. But your situation and mine are different. You are restricted to use Binance; I am not. I am choosing Binance primarily because of their Secure Asset Fund for Users (SAFU). It is a kind of an insurance fund for their users. I guess on your part, Kraken might be a trustworthy option.

However, I'd like to emphasize that there is absolutely ZERO reason for hodling funds in an exchange wallet.

Quote
If you can find the thread of the person whose account got hacked, please share.

I actually looked for it yesterday but to no avail. I'd look for it again.
full member
Activity: 350
Merit: 101
You should always have a UNIQUE and STRONG password for each service / account you own in the Internet mate. What might have happened is somehow the "thief" managed to grab a hold of your password from probably another hack from other company that had their information breached. You can check if you had suffered such deal here: https://haveibeenpwned.com/. Just input your e-mail (the one you use in the exchange) and it'll let you know if there was a breach associated with that e-mail.

Plus, it's never a bad time to use a password manager. There are tons out there, each with their pros/cons. Bitwarden, 1Password, KeePass are some of the examples I can give you. If you need help let us know and I'm sure we'll be able to help you.

Thank you for your info.  Yes, my email had been pwned many times during the last 10 years, but that does not mean that people can know my password.  Nowadays, most of the major websites do not keep our passwords.  (But just as a precautionary measure, I just changed my password again this morning.)

I will look into the password manager option you mentioned after all these ordeals at present are over as I still need to get the rest of my coins out - even though the amount is small.  I am not familiar with how the suggested passwords function works and, because of that, I always turned down the suggestion and created my own passwords, concerned that I won’t remember the suggested passwords.  iPad has a keychain function which saves passwords in it, but it does not auto save them on some apps.

full member
Activity: 350
Merit: 101
It could have been better if you shared the name of the exchange you are talking about here since you already took your coins out of the exchange.

It's the Binance exchange, and I also don't get why he has refused to identify that in the OP, but his second reply gives a hint since he said the B-exchange and we all know Binance is the most popular exchange starting with the letter B. The idea of holding coins on exchanges is starting to fade away as new reports are surfacing indicating fewer coins are being kept on exchanges. It'll take some more effort than what we're currently doing to make this a win for the industry.

The hacks aren't having much impact since the exchanges have come up with a way to avoid going bankrupt when these hacks occur, like Binance setting up an insurance fund to help pay back stolen funds etc.

Exchanges come up with mouthwatering offers just to keep your coins in their custody; this alone is a red flag to not trust them with your coins and end up regretting it in future. Well, lucky you and glad you could get back your coins. Hope the lesson has been learnt.

You are correct on the exchange.  And I still have a small portion of coins in there as it is hard to find a place for them either in a hard wallet or in a US exchange that supports my state.

Years ago I went crazy on Altcoins expecting that if one of them made it, the reward could be abundant.  Unfortunately, the opposite happened.  But recently they came back 400% from 6 months ago which was only 1/3 of the peak value, but that was still a good thing.

The feeling during those several days where I was trying to figure out how and where to move the coins out was very stressful because I didn’t even know if I would be able to do so as they stopped servicing US customers.  I also felt so helpless because they automatically refused my email inquiry.  So if I could not transfer the coins out, I would be stuck.  Moreover, I didn’t know if the hack was going to happen again during these times.  Unimaginable.

legendary
Activity: 1148
Merit: 3117
You should always have a UNIQUE and STRONG password for each service / account you own in the Internet mate. What might have happened is somehow the "thief" managed to grab a hold of your password from probably another hack from other company that had their information breached. You can check if you had suffered such deal here: https://haveibeenpwned.com/. Just input your e-mail (the one you use in the exchange) and it'll let you know if there was a breach associated with that e-mail.

Plus, it's never a bad time to use a password manager. There are tons out there, each with their pros/cons. Bitwarden, 1Password, KeePass are some of the examples I can give you. If you need help let us know and I'm sure we'll be able to help you.
legendary
Activity: 2492
Merit: 1232
Third email: Successful login from new IP..... to protect your account withdraw is disabled for the next 24 hours.
                   (Thank God for this function with the 24-hour disable withdraw.)
If I'm not mistaken, all exchanges have a feature like this, and most of them also require 2FA, so it's hard to make a transaction once your account on the exchange gets compromised or hacked.  Good to see that this saved your assets and you were able to retrieve them.

That's why, if we plan to leave a huge amount on an exchange, make sure you have already doubled or tripled the security level on your account, so that if it gets compromised, you have a chance of getting them back.  It might also be good to leave only a small amount on the exchange, so that if the exchange ever does an exit scam, it doesn't hurt you.  We know the golden rule of saving crypto assets, "not your key, not your coins".
legendary
Activity: 3122
Merit: 1140
It could have been better if you shared the name of the exchange you are talking about here since you already took your coins out of the exchange.

It's the Binance exchange, and I also don't get why he has refused to identify that in the OP, but his second reply gives a hint since he said the B-exchange and we all know Binance is the most popular exchange starting with the letter B. The idea of holding coins on exchanges is starting to fade away as new reports are surfacing indicating fewer coins are being kept on exchanges. It'll take some more effort than what we're currently doing to make this a win for the industry.

The hacks aren't having much impact since the exchanges have come up with a way to avoid going bankrupt when these hacks occur, like Binance setting up an insurance fund to help pay back stolen funds etc.

Exchanges come up with mouthwatering offers just to keep your coins in their custody; this alone is a red flag to not trust them with your coins and end up regretting it in future. Well, lucky you and glad you could get back your coins. Hope the lesson has been learnt.
Exchanges or platforms that offer something just to make you park your coins on their site are really quite suspicious, especially if they offer something that is really hard to resist. Even if it's really a known platform or one of the top ones, I can't really just trust them no matter what. Always have that main rule: never ever store your coins on an exchange. If you don't possess the keys then they aren't really your coins after all. When it comes to hacking incidents, I am somewhat confident in Binance, as it has been proven that they can compensate users who lose funds in the process, unlike others which totally close their doors afterwards.
hero member
Activity: 2184
Merit: 531
They just told me to move the coins out before I lose them and then no reply to my follow up email since.  
...
Last week, I got three automated emails from them at the same time.
...
I sent an email using an old email thread to them reporting the situation, but got a reply saying that my IP is from an unsupported country which they cannot service.


You weren't from an unsupported country when they were trying to get your coins sent to them.

You weren't from an unsupported country when they were sending emails to you.

You have an issue? Suddenly you're from an unsupported country



legendary
Activity: 2408
Merit: 4282
It could have been better if you shared the name of the exchange you are talking about here since you already took your coins out of the exchange.

It's the Binance exchange, and I also don't get why he has refused to identify that in the OP, but his second reply gives a hint since he said the B-exchange and we all know Binance is the most popular exchange starting with the letter B. The idea of holding coins on exchanges is starting to fade away as new reports are surfacing indicating fewer coins are being kept on exchanges. It'll take some more effort than what we're currently doing to make this a win for the industry.

The hacks aren't having much impact since the exchanges have come up with a way to avoid going bankrupt when these hacks occur, like Binance setting up an insurance fund to help pay back stolen funds etc.

Exchanges come up with mouthwatering offers just to keep your coins in their custody; this alone is a red flag to not trust them with your coins and end up regretting it in future. Well, lucky you and glad you could get back your coins. Hope the lesson has been learnt.
hero member
Activity: 1694
Merit: 541
Now that I got most of the assets out from there I am more comfortable to talk about it and to share my story.  Would this be an inside job given that they knew the US customers are vulnerable and helpless (since they cannot use their customer services anymore)?  Else, how can the hacker bypass the email code verification and the Google Authentication process?  This is still very unsettling to me.
If you think that the exchange is behind the hack, you need to expose the exchange name and let them explain the reason why that happened so that the customers using that exchange will be aware of the situation. You cannot be silent if you went through a situation like this and we need transparency in this issue so that others will not face the same issue.