Topic: Almost lost all of my coins in an exchange last week - page 4. (Read 892 times)
It could have been better if you share the name of exchange you are talking about here since you already take your coin out of the exchange. Firstly, everyone need to understand the reason why long time traders have been saying that it is not safe to live many of your coin in an exchange. This is exactly reason why. Secondly, the way you have explained, it could have been and inside job or probably a sort of vulnerability that have access to your personal informations. I will advise you to also make sure your email account password is change with a more secure one. Who knows the hacker might still have access.
I'm glad that you actually saved your account/coins, that's the positive thing. However, there are a few possibilities of why it happened. Firstly, OP might have clicked a phishing site, which stole your details. Secondly, some other website you might have registered on got hacked, thus, leading to a huge information leak, including your credentials. Thirdly, an inside job, but that would be extremely unlikely for your case.
It's either one of the first two options.
It's either one of the first two options.
I almost didn't breath the whole time I was reading your story, this is a very alarming situation that could happen to anyone of us here who are using such exchange. Luckily you've done your part to secure your coins, panicking could be an advantage sometimes, I guess. The only thing you can do next is to change the exchanger where you Trade your coins, and don't put it all there, just put the coin you wanted to trade in a certain period amount of time.
And use custodial wallet to store your coins, for more safety.
And use custodial wallet to store your coins, for more safety.
If you are not going to mention the name of that exchange the same issue will soon be encountered by another user so I think you can help us with that. Lucky for you to recover all your funds and now it is a lesson learned.
Please skim through the prior messages from others. It has been mentioned.
To give them the benefit of doubt, I was only asking if it was an inside job. I did not say it was an inside job.
( I really like the CEO on the way he handled the previous hacked case by issuing a bounty on the hacker. So if there was an inside job, they should drag the person/group out to prevent their reputation being ruined.)The foreign exchange was the "B" exchange...
Just as I suspected. But lucky for you you've managed to take most of your assets out. And while you still can, take them all out and move them somewhere very safe. Since you mentioned that you intend to HODL your funds, then I suggest you don't keep them in an exchange wallet. A hardware wallet is much preferable.
I won't jump into accusing Binance of an inside job. But I've also read a situation somehow similar to yours a few months ago. I can't find the thread but it was also a case of breaking into the account surpassing both email verification and 2FA. I'm not sure if it was also Binance but I think it was.
I would like to share my story to them if I’m still able to reach them. At this moment, they disabled my contact option completely.
If the email code and Google Authentication can be bypassed, won’t they know about it so that they can use some other probable authentication methods?
(I hesitated to mention the name of the exchange in order to protect my existing account still in there.)
I started to use this exchange almost 4 years ago. There were no any issues till recently. Last Dec I logged into my account (which I haven't done it for a while) and the first page showed up saying that they will discontinue my services in 14 days and asked me to move my coins out to their US counterpart because I am a US customer. I was thinking to myself, it I had not logged in, I would never know about this because they did not contact me at all on this matter. So I contacted the US exchange and found that they do not serve customers in my state. So during all these times, I was researching for way(s) to relocate my coins. I contacted the foreign exchange and told them the challenges that I am facing in finding a place to put them. They just told me to move the coins out before I lose them and then no reply to my follow up email since.
Last week, I got three automated emails from them at the same time.
First email: request to reset password from [IP which is not mine] (and a 6-digit code was included for verification).
Second email: Successful password reset from that same IP.
Third email: Successful login from new IP..... to protect your account withdraw is disabled for the next 24 hours.
(Thanks God for this function with the 24-hour disable withdraw.)
This happening really got my attention. I immediately tried to log into my account. I entered my password 4 times (one time away from my account being locked) without successful as it had been changed. Thankfully, I did not try the 5th time knowing that my account would be locked and I would not be able to get any help from the exchange. I sent an email using an old email thread to them reporting the situation, but got a reply saying that my IP is from an unsupported country which they cannot service.
However, thankfully, I was able to go through the process by clicking on the Forgot Password link and reset my password. During that process, they sent me an email similar to the first email received before with the verification code. And by using the code along with my Google Authentication code, I reset my password. During the next several days, I did my best to get as much information as possible on how and where to move my coins to. By using a VPN tool (first time), a desktop wallet, a hard wallet, and a coin wallet that works with the hard wallet I was able to withdraw most of my coins out. Before I moved my coins out, my heart was so heavy and troublesome because I did not know when the hacker would attack again.
Now that I got most of the assets out from there I am more comfortable to talk about it and to share my story. Would this be an inside job given that they knew the US customers are vulnerable and helpless (since they cannot use their customer services anymore)? Else, how can the hacker by passing the email code verification and the Google Authentication process? This is still very unsettling to me.
If you are not going to mention the name of that exchange the same issue will soon be encountered by another user so I think you can help us with that. Lucky for you to recover all your funds and now it is a lesson learned. I started to use this exchange almost 4 years ago. There were no any issues till recently. Last Dec I logged into my account (which I haven't done it for a while) and the first page showed up saying that they will discontinue my services in 14 days and asked me to move my coins out to their US counterpart because I am a US customer. I was thinking to myself, it I had not logged in, I would never know about this because they did not contact me at all on this matter. So I contacted the US exchange and found that they do not serve customers in my state. So during all these times, I was researching for way(s) to relocate my coins. I contacted the foreign exchange and told them the challenges that I am facing in finding a place to put them. They just told me to move the coins out before I lose them and then no reply to my follow up email since.
Last week, I got three automated emails from them at the same time.
First email: request to reset password from [IP which is not mine] (and a 6-digit code was included for verification).
Second email: Successful password reset from that same IP.
Third email: Successful login from new IP..... to protect your account withdraw is disabled for the next 24 hours.
(Thanks God for this function with the 24-hour disable withdraw.)
This happening really got my attention. I immediately tried to log into my account. I entered my password 4 times (one time away from my account being locked) without successful as it had been changed. Thankfully, I did not try the 5th time knowing that my account would be locked and I would not be able to get any help from the exchange. I sent an email using an old email thread to them reporting the situation, but got a reply saying that my IP is from an unsupported country which they cannot service.
However, thankfully, I was able to go through the process by clicking on the Forgot Password link and reset my password. During that process, they sent me an email similar to the first email received before with the verification code. And by using the code along with my Google Authentication code, I reset my password. During the next several days, I did my best to get as much information as possible on how and where to move my coins to. By using a VPN tool (first time), a desktop wallet, a hard wallet, and a coin wallet that works with the hard wallet I was able to withdraw most of my coins out. Before I moved my coins out, my heart was so heavy and troublesome because I did not know when the hacker would attack again.
Now that I got most of the assets out from there I am more comfortable to talk about it and to share my story. Would this be an inside job given that they knew the US customers are vulnerable and helpless (since they cannot use their customer services anymore)? Else, how can the hacker by passing the email code verification and the Google Authentication process? This is still very unsettling to me.
always bookmark the websites you visit such as exchanges etc.
This is a good idea.
I have the tendency of not clicking links from incoming emails. I normal type their sites’ urls on the browser. Even if I do click them ( from some less important sites), I would check the underlining addresses’ domain names to further verify the authenticity. So we can definitely leave the possibility of phishing part out.
Why not withdraw the coins altogether into your personal wallet? .... It means that your email was hacked, probably due to a weak password. And there are also instructions online on how to bypass google authentication, so it's also possible.
The hard wallet does not really support the remaining coins (which is a very small portion value of the original anyway) and it will take me more research on how to get a wallet that works with the hard wallet. The email has a strong password.
I would like to learn how to bypass Google Authentication so that, if possible, I can be better prepared to prevent it to happen.
The foreign exchange was the "B" exchange...
Just as I suspected. But lucky for you you've managed to take most of your assets out. And while you still can, take them all out and move them somewhere very safe. Since you mentioned that you intend to HODL your funds, then I suggest you don't keep them in an exchange wallet. A hardware wallet is much preferable.
I won't jump into accusing Binance of an inside job. But I've also read a situation somehow similar to yours a few months ago. I can't find the thread but it was also a case of breaking into the account surpassing both email verification and 2FA. I'm not sure if it was also Binance but I think it was.
Glad you were able to get most of them out of there, this is the main reason why I like to have control of all my private keys and don't use exchanges for storage
It's more convenient to store those your own wallet rather than storing it on exchanges. You can't tell whether if it is still safe when you will become inactive for a long period of time.
That is really frustrating. I have same experience this month when I saw zero balance in my account that caused me to panic. Good thing that there is just a migration of the exchange.I am holding my asset there for 3 years and I almost lost it. It is good that I was able to retrieve. With that experience, I recommend to use hardware wallet and not stock on exchange to avoid such panic. Also be careful when opening links sent to you email because in phishing sites, they may hack your account.
That might be a close call, hackers are always trying to hack people sending a lot of emails or links that you could possibly click. Its definitely difficult if your not careful because you don't know if its a phishing email so that they could reset your password. It is also possible that it is made by someone working in that exchange or website you never know. I would not suggest that you use a exchange for storing your bitcoin or your alternative coins in a exchange if your going to a long term investment similar in your case it is possible that a exchange could be close or bankrupt. It is safe to find a wallet that have its own private key just to avoid issues for long term and it is much more safer than custodial wallets and exchanges.
As the old man said, “Not your keys, not your coins”
I suggest that if you want your coins or tokens to be safe, you must be willing to put em’ all in your cold or decentralized wallet where you are having the full custody of your private keys or mnemonic phrases. I only use exchange for day, swing and trend trading and not my storage.
It’s great that your coins and tokens are safe. Good job!
I suggest that if you want your coins or tokens to be safe, you must be willing to put em’ all in your cold or decentralized wallet where you are having the full custody of your private keys or mnemonic phrases. I only use exchange for day, swing and trend trading and not my storage.
It’s great that your coins and tokens are safe. Good job!
No comment about an inside job but it happens that hackers will send us any malicious link that can possibly trick us and put everything in their control once you follow what the link said and mostly they are asking to reset your password. If they are done to this, you no longer login to your account.
One way to avoid this is to ignore most emails asking like that coz I know that it never happens from an exchanger asking for you to reset/change password unless if you are asking it personally. And that last tool that helps us to prevent unwanted withdrawals is in enabling 2FA authentication as surely they can't get anything from even you keep funds on the exchanger for a long time.
One way to avoid this is to ignore most emails asking like that coz I know that it never happens from an exchanger asking for you to reset/change password unless if you are asking it personally. And that last tool that helps us to prevent unwanted withdrawals is in enabling 2FA authentication as surely they can't get anything from even you keep funds on the exchanger for a long time.
I can say still you are lucky and you save your coins with your wit. I believe exchange has to follow the policy of your country that's why you have been given small time and in between hackers got the access of your Ac and luckily you were also more active than a hacker. Its not a small issue that somebody has access your Ac might be it can be a exchange official who hacks your Ac but I believe it's not easy to get access to user data and I suggest you to keep your coins in the Hardware wallet rather than on any exchange.
Fortunately, you are a computer literate and you have successfully recovered and transferred your coins before you finally lose them. I think, that your exchange account was hacked because it knows your log in details, it is really good and there is an automatic closing of the withdrawal of money at the designated time when there is suspicious activity in the account especially if it comes from another IP. Maybe the exchange just locked this account until you try to access it again by providing these 2FA codes and resetting the password. But it seems that the exchange failed to inform you of the cessation of their service in your country of origin, they should send you an ugent or important notice in the email about that not only on their site you can read.
Why not withdraw the coins altogether into your personal wallet? It's better to keep them there that on an exchange anyway. I'm glad that you managed to restore access to your funds and even though the process sounds pretty tough, at least it's working.
I don't think it's an inside job because I'm guessing it's a very reputable exchange which I remember decided to serve US customers separately due to the wish to comply with the US regulations. An exchange like that wouldn't try to scam you. As for bypassing the email code and Google Authentication, I think the first one wasn't bypassed. You did get the messages about resetting the password and the passcode. It means that your email was hacked, probably due to a weak password. And there are also instructions online on how to bypass google authentication, so it's also possible.
I don't think it's an inside job because I'm guessing it's a very reputable exchange which I remember decided to serve US customers separately due to the wish to comply with the US regulations. An exchange like that wouldn't try to scam you. As for bypassing the email code and Google Authentication, I think the first one wasn't bypassed. You did get the messages about resetting the password and the passcode. It means that your email was hacked, probably due to a weak password. And there are also instructions online on how to bypass google authentication, so it's also possible.
The Lesson Here ? we have been talking again and again for years and years now ,
" Never Leave Your Funds In Exchange for Long" Not your Key is Not your Bitcoin
Hope this thread will Open more eyes now , that no matter how trustful is the exchange is ? Yet they are running Business and their Business relies to our Coins on them , So what ever may the reason still they are interested in our funds and can do reasons just to take it away from us.
This is really good lesson for every one as need to learn and understand because I also face some big problems in early days and lost some good amount of funds which I lost in exchanges which is never been recoverable never leave your funds at any exchange for site because not your keys not your coins is very simple and straight forward message to all coin holders just try to have withdrawal from any where and put them in your own wallet is best option. " Never Leave Your Funds In Exchange for Long" Not your Key is Not your Bitcoin
Hope this thread will Open more eyes now , that no matter how trustful is the exchange is ? Yet they are running Business and their Business relies to our Coins on them , So what ever may the reason still they are interested in our funds and can do reasons just to take it away from us.
Notyourkeys.org
Newbies - Read before using exchanges or investing
I'm sorry for your loss but loss was happened and you can not get your coin back. It is lost forever but you can learn from this loss and avoid your fault and future loss.
Wallets on exchanges belong to the exchange operators, not you. So it is not your coins in exchange wallets. You are temporary owners of those coins and if exchange makes a scam exit before the day you withdraw it, you lose it.
Newbies - Read before using exchanges or investing
I'm sorry for your loss but loss was happened and you can not get your coin back. It is lost forever but you can learn from this loss and avoid your fault and future loss.
Wallets on exchanges belong to the exchange operators, not you. So it is not your coins in exchange wallets. You are temporary owners of those coins and if exchange makes a scam exit before the day you withdraw it, you lose it.
Fortunately, you were able to withdraw your stash out on that exchange, that is why it is not recommended for us to use the exchanges platform to store our assets because you don't have full control over it. No matter how much trusted the exchanges are don't ever leave your asset on it for a longer time especially if it is a pretty decent amount. Since you are onto holding you placing it on a hardware wallet is most recommended. You have a point that it must be an inside job 'cause there's no way they can change your password without your permission unless there's an insider on the platform. There's no hundred percent trusted or secured system exists that is why we should always be careful especially when it comes to money.
First you registered on the exchange and have been trading for a long time and all of a sudden they no longer support US customers, that is to say, some sort of regulation might have forced them into stopping their services to US customers and thus hackers might have leveraged that opportunity to scam/hack people who are not aware or it could be you clicked on a phishing website thus disclosing your information. Also, issues like this, is the reason why keeping funds or assets on exchanges isn't a good idea because had it been those assets were in your personal wallet, you will not have any reason to worry. Nevertheless, it is good to hear that you were smart enough to take careful actions to save your assets, thus continue in that manner to withdraw the remaining ones. Lastly, just to be safe from phishing, always bookmark the websites you visit such as exchanges etc.
Jump to: