Topic: Almost lost all of my coins in an exchange last week - page 5. (Read 892 times)

It's unlikely that it's an inside job since it's Binance. Good thing you got your assets out though. Next time, just don't use any exchange as a wallet since they are easy to compromise. Binance is prone to hacking in my opinion because of the recent hacking events.


I wouldn't trust any. Any centralized exchanges are prone to hacking. CEX isn't even for long hold anyway. Just buy a hard wallet. It's better to lose convenience that losing your assets.
 

the name of exchange, the hacker probably hacked your account because you using same password on the other site because its happen to me, but website security nowadays getting better like 2FA.

and better using password manager and add Auth App for more secure

Great to hear that your coins are safe where their are now, most of this exchanges that take actions without prior information to they client are always decentralized exchange because they have no license and no one will be able to followup with they activities. I believe this is an inside job because the hacker that change your password without the code have high control over the exchange security.

US exchanges are more regulated for the most part and, therefore, relatively safer.   And you are correct, nothing should be safer than a hard wallet.


If you were selecting an exchange for the long hold (beside using hard wallet) which one would you trust better?

The whole hack incident was very discouraging and terrifying.  It let me feel extremely insured.

If you can find the thread of the person whose account got hacked, please share.

Just as I suspected. But lucky for you you've managed to take most of your assets out. And while you still can, take them all out and move them somewhere very safe. Since you mentioned that you intend to HODL your funds, then I suggest you don't keep them in an exchange wallet. A hardware wallet is much preferable.

I won't jump into accusing Binance of an inside job. But I've also read a situation somehow similar to yours a few months ago. I can't find the thread but it was also a case of breaking into the account surpassing both email verification and 2FA. I'm not sure if it was also Binance but I think it was.

The Lesson Here ? we have been talking again and again for years and years now ,

" Never Leave Your Funds In Exchange for Long" Not your Key is Not your Bitcoin

Hope this thread will Open more eyes now , that no matter how trustful is the exchange is ? Yet they are running Business and their Business relies to our Coins on them , So what ever may the reason still they are interested in our funds and can do reasons just to take it away from us.

Thank you for your feedback and supports, guys!

The foreign exchange was the "B" exchange that was mentioned by @Coin_trader. 

I had my coins there before the "No US Customer" regulation and had never anticipated that US customers would be excluded from the exchange.  And because my investment had gone from a peak point and down to a very lower one, I was too depressed to login to check on them.  And my strategy was to HODL anyway, I just leave them be.  If I were doing it again, I would put them in a hard wallet (but then why didn't I "ALL IN" on Bitcoin instead ).  However, not all the coins I have were supported by hard wallet such as Ledger. 

I do not have 2FA enabled for your email, buy I know better not to click on any links on emails.  Usually, I login to website by typing the company URL directly on the browser.  I haven't used a computer to login to this exchange for years; I used iPad.  If there were a security breach on my iPad, then they could access my other financial related accounts and done some other damages.  What puzzled me is that, even if we believed that my email has been compromised, then how about the Google Authentication?  I have it on my old iPhone which does not get turned on normally.

Just two days ago, I saw a video that someone who used a desktop wallet got hacked for $75K, possibly by the Chief of Communication Officer, who got fired (or quit) after the person reported the accident to their company.  Basically, he got an email from the CCO requested to reset some credential of this account and, after that, his coins got taken out.  He is a Youtuber who was showing off his $75K worth of coins on his wallet and then this happened.  (https://youtu.be/vHHbaWsUsuw)

Luckily you managed to notice it. You might want to throw away the email that you normally use and create a new one just to be safe, since you never really know if the hacker still has access to it or not, same with the exchange account. Just try using exchanges for trading instead of storing, just to be sure that your funds are safe. Idk much about how US exchanges work, but if it isn't a well known one, or the volume of trading hasn't been much recently, it isn't anything odd for their customer service to actually be less active.

You might also want to check if any malware got in your pc. Did you even have 2FA enabled for your email? If no, then there's a chance that they got your email and pass, but if yes, then they may actually have remote access (somehow one way or another, im just putting out ideas).

It can happened on any exchange since you are a US citizen. They are force by your country regulators to prohibit US citizen on using there exchange so this not there fault. You should not leave your coins on exchange at first place since you don't have full control on your assets there. I think that you can still claim your token in case you did not transfer it on time, they will just locked it and you need to undergo verification to claim it.

Sharing the exchange name will benefit forum member and exchange will never what is your account though. They are not monitoring the forum 24/7 and there are many user same case as yours.

About hacking, it depends on what exchange you are talking about, If its a low tier exchange, its possible as an inside job but if its Binance and other Big exchange I believe click some malicious link though.

That's indeed an awful experience. Good thing you've got your asset out. It seems that you've been hacked or compromise, but given the explanation you said about bypassing code or stuff. It's possible but if you are a careful guy whom not clicking any phishing tabs then there must be some inside job. Hope you can disclose the name of the exchange so we can be aware of this. There are lots of US exchange operating. Is it an old exchange?

Glad you were able to get most of them out of there, this is the main reason why I like to have control of all my private keys and don't use exchanges for storage

(I hesitated to mention the name of the exchange in order to protect my existing account still in there.)

I started to use this exchange almost 4 years ago.  There were no any issues till recently.  Last Dec I logged into my account (which I haven't done it for a while) and the first page showed up saying that they will discontinue my services in 14 days and asked me to move my coins out to their US counterpart because I am a US customer.  I was thinking to myself, it I had not logged in, I would never know about this because they did not contact me at all on this matter. So I contacted the US exchange and found that they do not serve customers in my state.  So during all these times, I was researching for way(s) to relocate my coins.  I contacted the foreign  exchange and told them the challenges that I am facing in finding a place to put them.  They just told me to move the coins out before I lose them and then no reply to my follow up email since.  

Last week, I got three automated emails from them at the same time.  
First email: request to reset password from [IP which is not mine] (and a 6-digit code was included for verification).
Second email: Successful password reset from that same IP.
Third email: Successful login from new IP..... to protect your account withdraw is disabled for the next 24 hours.
                   (Thanks God for this function with the 24-hour disable withdraw.)

This happening really got my attention.  I immediately tried to log into my account.  I entered my password 4 times (one time away from my account being locked) without successful as it had been changed.  Thankfully, I did not try the 5th time knowing that my account would be locked and I would not be able to get any help from the exchange.  I sent an email using an old email thread to them reporting the situation, but got a reply saying that my IP is from an unsupported country which they cannot service.

However, thankfully, I was able to go through the process by clicking on the Forgot Password link and reset my password.  During that process, they sent me an email similar to the first email received before with the verification code.  And by using the code along with my Google Authentication code, I reset my password.  During the next several days, I did my best to get as much information as possible on how and where to move my coins to.  By using a VPN tool (first time), a desktop wallet, a hard wallet, and a  coin wallet that works with the hard wallet I was able to withdraw most of my coins out.  Before I moved my coins out, my heart was so heavy and troublesome because I did not know when the hacker would attack again.  

Now that I got most of the assets out from there I am more comfortable to talk about it and to share my story.  Would this be an inside job given that they knew the US customers are vulnerable and helpless (since they cannot use their customer services anymore)?  Else, how can the hacker by passing the email code verification and the Google Authentication process?  This is still very unsettling to me.  


Added on Feb 4, 2021
Thank you for your feedback and suggestions.  I added the following information as many people had asked related questions on them.
-   The exchange name has been mentioned by others in this thread.  Please spent sometimes to look for it.  
-   After I pulled my last coins out from the exchange, I will try to contact them and present the incident to them so that they can investigate and, hopefully as a result, to improve their services.
-   In order to reset my password, I need to enter the passcode which was sent to my email + the Google Authentication code.
-   The old iPhone which has the Google Authenticator installed was not turned on at the time when the hack occurred (and it is not usually turned on in order to extend its usage life as the battery is no good).  And I had not kept the recovery key for the authenticator anywhere – I did not save it.  So there is no one, including me can recovery it.  I got the authenticator for years.
-   This is a question for myself (just thought of it last night) – why did the hacker change the password (which triggered the no-withdrawal-in-24-hour rule) instead of withdrawing the coins out right away?  To withdrawal any coins, both the passcode sent to my email and the Google Authenticator code are needed (same as the reset password requirement).
-   I really don’t believe that my email address was compromised.  It that were true, the hacker could redirect the 3 emails that were sent to me to junk folder when the password got changed and account was accessed from a new IP address.  Without receiving these emails, my coins would be done for.
-   By the way, I have no ill attitude toward the exchange.  I really like the exchange as it supports many altcoins that are not supported in many other exchanges.  The way they required both the security code from email and Google Authenticator to withdrawal added a strong security layer to the accounts (in addition to login with username and password).  Also, the no-withdrawal-in-24-hour rule after password changed was a saver.  
-   They provided good customer support services before they shut me down by sending an automated email saying that my IP was identified as from a country that they don’t support when I tried to reach out to them again.  So if you are an US customer and your account got hacked, there is no way for you to seek any help from them – at least within a short amount of time (24 hours?) – before your assets got moved out.