Author

Topic: Do exchanges steal your coins when locked out? (Read 257 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 19, 2021, 04:14:58 AM
#25
However, I think that what I wrote makes sense if, for example, we ourselves connected our address to DEX and lost our private keys in some strange way Wink

Then it's your own fault and whether the service is centralized/decentralized doesn't matter.

ETFbitcoin mentioned about obtaining the database file right from the device's storage itself, although it requires an app that reads SQLite files. I don't know if this is possible with iOS, though.

There are many app to read SQLite file, so it's not problem (you just need to find guide about using the app). As for obtaining the file from iOS device, AFAIK there are paid/proprietary app to do it.
newbie
Activity: 42
Merit: 0
I'm wondering if exchanges can cash in your coins if you get locked out of their exchange. 


Decentralized exchanges (the ones without without a central authority) can't do it, they do not know your private keys. So I would advice you to rather use them.
legendary
Activity: 2268
Merit: 18748
we ourselves connected our address to DEX and lost our private keys in some strange way Wink
If you lose your private keys and lock yourself out of your address, then that has nothing to do with the DEX you are trading on. A true DEX never has control of your coins and therefore cannot seize them.

So I guess Google Authenticator must be a bad 2FA app as far as this standard is concerned.
Pretty much. Google Authenticator works as an 2FA app, but it is missing a lot of the features that better apps have such as this encrypted export and import function. Add that to the fact that it is closed sourced and owned by Google, and that should be more than enough to convince you to switch to a different app at some point.
legendary
Activity: 2576
Merit: 1860
Is there some kind of backup for google authenticator?

~snip~
And of course, as I mentioned above, good 2FA apps will let you export an encrypted database of all your codes which can be used as a back up.

So I guess Google Authenticator must be a bad 2FA app as far as this standard is concerned.

I took a quick search if it is possible for a Google Authenticator user to export an encrypted database of the codes to be used as a back up. It seems it's not at all possible. What is allowed in Google Authenticator is to export 2FA accounts in another device. That will serve as a backup but you need to have another smart phone for that. As opposed to the one you mentioned, a USB stick is enough.

ETFbitcoin mentioned about obtaining the database file right from the device's storage itself, although it requires an app that reads SQLite files. I don't know if this is possible with iOS, though.
legendary
Activity: 1512
Merit: 1005
I'm wondering if exchanges can cash in your coins if you get locked out of their exchange. 

Depending on what type of exchange it is. Decentralized Exchanges (DEXs) cannot do this because they have no access your private keys. Centralised exchanges theoretically can do this, because usually only they have access to private keys. In other words, when you keep your money in a centralized exchange, the money isn't really in your hands. You just have access to them.

If you can locked out from decentralized exchange, i doubt it's really decentralized.

In fact, it would be strange if someone will blocked someone else's funds on a decentralized exchange Smiley

However, I think that what I wrote makes sense if, for example, we ourselves connected our address to DEX and lost our private keys in some strange way Wink
hero member
Activity: 3010
Merit: 794
I'm wondering if exchanges can cash in your coins if you get locked out of their exchange. 
Yes of course! They could cash in your coins once it do get locked or you do have violated their terms and conditions on using up the platform which you had agreed when you do make out an account
in the first place which you should be aware off.

They wont make some conversion to fiat directly though as long there is still some chances for a user to recover or unlocked his funds but if there is some ultimatum given out by the exchange
itself then theres nothing you could do.

This is why you should really be careful on dealing with things and shouldnt deal on something which do violates.One of the risk of storing your coins on an exchange
is that you dont totally have the control of your coins.
legendary
Activity: 2268
Merit: 18748
By the way, thank you for the suggestion about 2FA accounts back up. I haven't tried it myself yet. I'm not familiar with how it's going to be done either. But I sure would research more about it. There must be a tutorial somewhere. This must be a better back up. I know I have lost some of my secret codes already.
So, depending on the app you use, you might be able to view the shared secrets within the app. You can certainly do this in Aegis by long pressing on the account of interest, clicking on edit, then advanced, then view the secret, which will let you write it down on paper as a back up. I'm not sure if you can do this in Google Authenticator. If you can't view the shared secret (but still have access to the 2FA app), then you could try logging in to the account in question, disabling 2FA, and then re-enabling it, which should present you with a new code you can write down. And of course, as I mentioned above, good 2FA apps will let you export an encrypted database of all your codes which can be used as a back up.
legendary
Activity: 2576
Merit: 1860
There was so much inconvenience but he eventually got them all back after complying with all the demands. So I guess you could also recover your accounts.
What a ridiculous amount of work just because he didn't take the 30 seconds to either write down the shared secret or back up his 2FA accounts. If you use a good 2FA authenticator app such as Aegis, it takes literally three clicks to export an encrypted back up which you can then store on a USB drive and can be used to restore all your 2FA codes should your phone be damaged, lost, or stolen.

It was indeed a huge hassle on his part. With all his wallets, exchange accounts, local and international apps, and so on, recovering each one of them was indeed extremely irritating. Not to mention that there were initial rejections from some of them.  

By the way, thank you for the suggestion about 2FA accounts back up. I haven't tried it myself yet. I'm not familiar with how it's going to be done either. But I sure would research more about it. There must be a tutorial somewhere. This must be a better back up. I know I have lost some of my secret codes already.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Unless you violate their terms of use, most trusted platforms cannot confiscate your money, but since most of them put a condition in their TOS, you are in the weakest position and the control of the funds for these activities is limited, so your options before the courts are non-existent.

If you violate their usage laws they may allow you to use their services but at some point your account will be frozen and you will lose access to those coins.

So anyway, you are in a weaker position when you deposit.

Most platforms control users’ funds directly, as they have algorithms that predict the amount of withdrawals, and therefore all deposits are transferred to cold storage.
Not only the violations, a silly mistake by you can get your funds locked permanently, for example if you missed your login credentials or the 2FA codes and forgot the recovery codes as well then its literally you lost it forever because many exchanges won't help to resolve anything unless it involves billions or atleast millions.
legendary
Activity: 1596
Merit: 1288
Unless you violate their terms of use, most trusted platforms cannot confiscate your money, but since most of them put a condition in their TOS, you are in the weakest position and the control of the funds for these activities is limited, so your options before the courts are non-existent.

If you violate their usage laws they may allow you to use their services but at some point your account will be frozen and you will lose access to those coins.

So anyway, you are in a weaker position when you deposit.

Most platforms control users’ funds directly, as they have algorithms that predict the amount of withdrawals, and therefore all deposits are transferred to cold storage.
legendary
Activity: 2268
Merit: 18748
There was so much inconvenience but he eventually got them all back after complying with all the demands. So I guess you could also recover your accounts.
What a ridiculous amount of work just because he didn't take the 30 seconds to either write down the shared secret or back up his 2FA accounts. If you use a good 2FA authenticator app such as Aegis, it takes literally three clicks to export an encrypted back up which you can then store on a USB drive and can be used to restore all your 2FA codes should your phone be damaged, lost, or stolen.

I think we can say an exchange will steal/hold your coins if you were locked out and appealed their decision and when access was returned you did not find your coins then we can say your coins were stolen or confiscated
Yeah, that's not how exchanges work. When you log in to your exchange account and see a balance, all you are seeing is an entry from their internal database of user balances. You are not actually seeing your coins as reflected on the blockchain. Usually within minutes of you depositing any coins to an exchange, they have already been swept in to a central wallet.
hero member
Activity: 1834
Merit: 879
Rollbit.com ⚔️Crypto Futures
I think we can say an exchange will steal/hold your coins if you were locked out and appealed their decision and when access was returned you did not find your coins then we can say your coins were stolen or confiscated but where you are locked out and access isn't returned to the user then those coins and account are good as gone...btw I think using the word stolen would amount to a criminal offense so hold or confiscate should be more appealing .

legendary
Activity: 2576
Merit: 1860
My brother lost his phone once. He's got more than a handful of exchanges and wallets and sites that have 2FAs in that phone. He didn't have backups of some of those. But he was able to recover every single one of them. The requirement varied from one site to another but I can remember a site asked for a police report, some asked for a notarized affidavit of loss, perhaps all asked that he undergo KYC, and so on. But before he even attempted to recover them, he already reached out to the support and requested that his account be frozen due to the incident.

There was so much inconvenience but he eventually got them all back after complying with all the demands. So I guess you could also recover your accounts.
legendary
Activity: 1512
Merit: 1005
I'm wondering if exchanges can cash in your coins if you get locked out of their exchange. 

Depending on what type of exchange it is. Decentralized Exchanges (DEXs) cannot do this because they have no access your private keys. Centralised exchanges theoretically can do this, because usually only they have access to private keys. In other words, when you keep your money in a centralized exchange, the money isn't really in your hands. You just have access to them.
hero member
Activity: 2352
Merit: 905
Metawin.com - Truly the best casino ever
How legal are the laws of different exchanges that were stated? I think it looks like they can write whatever they want, why the governments let them to do that? Some of their laws look like even if they state: You'll become our slave forever if you violate one of our law. <-- will be stated without a problem and none government will ask them for changes.
Did I violate laws? Then Binance will freeze my account and leave funds for them. Isn't this robbing? These coins should be burnt!
Did Binance violate any of their law? No problem because they won't punish themselves. Have you seen any business punishing themselves? No!

So, customers are always suffered and it's somehow logical and acceptable in our society and for the governments. Why, just why? Seems this world will never be what I have expected  Cry
legendary
Activity: 2268
Merit: 18748
My phone broke and the old 2FA codes were lost.  Had to start over again.  Is there some kind of backup for google authenticator?
When you added each site to your authenticator app, you should have written down the shared secret which would have been presented both as a QR code and a string of (usually) 16 alphanumeric characters. This string of characters lets you recover each account should you lose your 2FA app or device.

Most 2FA apps also allow you to export a database of your saved sites which you can use for back up.

If you have not done either of these things, then it is too late and your only hope is to go through their customer support. But if they choose to refuse to return your accounts and coins to you, then there is very little you can do short of trying to take them to court.
hero member
Activity: 2730
Merit: 552
Well, in my case, my phone broke, and Graviex and Coinex.com are not making it fair to get back in.  All the other exchanges I've gotten back in.
Hadn't you sorted your exchange credentials? I am not getting exactly what problem you are facing right now. If you have an exchange credential then you should be able to log in. Credentials mean including two-factor authentication if you have enabled it.

By the way, as o_e_l_e_o already wrote, the exchange has all the right to do everything.  When you are using and centralized exchange literally you are trusting them. If you can not trust then you should avoid using a centralized exchange.

My phone broke and the old 2FA codes were lost.  Had to start over again.  Is there some kind of backup for google authenticator?
legendary
Activity: 2408
Merit: 2226
Signature space for rent
Well, in my case, my phone broke, and Graviex and Coinex.com are not making it fair to get back in.  All the other exchanges I've gotten back in.
Hadn't you sorted your exchange credentials? I am not getting exactly what problem you are facing right now. If you have an exchange credential then you should be able to log in. Credentials mean including two-factor authentication if you have enabled it.

By the way, as o_e_l_e_o already wrote, the exchange has all the right to do everything.  When you are using and centralized exchange literally you are trusting them. If you can not trust then you should avoid using a centralized exchange.
hero member
Activity: 2730
Merit: 552
Well, in my case, my phone broke, and Graviex and Coinex.com are not making it fair to get back in.  All the other exchanges I've gotten back in.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Well imagine they do not have these terms.
Scammers and bad actors will try to steal from them and they can not protect the assets legally from the scammers.

What? Bad actors will still try to steal from them regardless if these exchanges have these certain clauses in their ToS or not. It's not like hackers follow the exchange's rules before they make their attempts lol.
legendary
Activity: 2492
Merit: 1232
I tend to agree with @o_e_l_e_o comments above, they have a right to confiscate all that you have valuable assets in your account and I think this was a very common agreement that we found of terms and use (TOS), once you agreed with the TOS, this is the possible outcome.  Once your account is locked up by exchange, it means you violated the terms that you agree with and it's included to confiscate your fund once you are found out guilty and can't provide KYC/AML verification.

That's not stealing by them, it's confiscated since you're violated the term of agreements.
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
Since the exchange collects whatever customers deposit in one place called a central wallet and they have full access (privatekey), of course they can always cash out behind the scenes even if your account is unlocked and without reducing the balance in your account. That is the main drawback of centralized exchanges.

Roughly speaking, you intentionally lend your crypto to be managed by the exchanges with the amount recorded in the account and you have the right at any time to collect the loan by withdrawing as long as your account is not locked or they have not turned into a scam.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Binance
You agree that Binance shall have the right to immediately suspend your Binance Account (and any accounts beneficially owned by related entities or affiliates), freeze or lock the Digital Assets or funds in all such accounts, and suspend your access to Binance for any reason including if Binance suspects any such accounts to be in violation of these Terms, our Privacy Policy, or any applicable laws and regulations.
...
Except as set forth in paragraph 4 below, once a Binance Account is closed/withdrawn, all remaining account balance (which includes charges and liabilities owed to Binance) will be payable immediately to Binance.

Coinbase
We reserve the right to cancel and/or suspend your Coinbase Account(s) and/or block transactions or freeze funds immediately and without notice if we determine, in our sole discretion, that your Account is associated with a Prohibited Use and/or a Prohibited Business.
...
You will be permitted to transfer Digital Currency or funds associated with your Hosted Digital Currency Wallet(s) and/or your USD Wallet(s) for ninety (90) days after Account deactivation or cancellation unless such transfer is otherwise prohibited (i) under the law, including but not limited to applicable sanctions programs, or (ii) by a facially valid subpoena or court order.

Bitfinex
Such sanction may include removing or declining to post any User Submissions you provide, making a report to any Government, law enforcement, or other authorities, without providing any notice of you about any such report; freezing or confiscation of any Fiat funds, property, proceeds, or Digital Tokens in your Account (including any subaccount orany Digital Tokens Wallet) that you have on the Site; and, suspending or terminating your access to any Services or Fiat funds, property, proceeds, or Digital Tokens from any Digital Tokens Address or Digital Tokens Wallet. Bitfinex may, at its sole and absolute discretion, seize and deliver your property to any applicable Government, law enforcement, or other authorities where circumstances warrant or in accordance with Laws
Well imagine they do not have these terms.
Scammers and bad actors will try to steal from them and they can not protect the assets legally from the scammers.

I'm wondering if exchanges can cash in your coins if you get locked out of their exchange.  
Eventually they do cash in your coins if you are no longer with them.
legendary
Activity: 2268
Merit: 18748
Yup. Pretty much every exchange will have something in their Terms of Service which allows them to seize your coins and either keep them for themselves or turn them over to someone else if you breach their Terms of Service.

Take a look at some of the big exchanges for example (emphasis added):

Binance
You agree that Binance shall have the right to immediately suspend your Binance Account (and any accounts beneficially owned by related entities or affiliates), freeze or lock the Digital Assets or funds in all such accounts, and suspend your access to Binance for any reason including if Binance suspects any such accounts to be in violation of these Terms, our Privacy Policy, or any applicable laws and regulations.
...
Except as set forth in paragraph 4 below, once a Binance Account is closed/withdrawn, all remaining account balance (which includes charges and liabilities owed to Binance) will be payable immediately to Binance.

Coinbase
We reserve the right to cancel and/or suspend your Coinbase Account(s) and/or block transactions or freeze funds immediately and without notice if we determine, in our sole discretion, that your Account is associated with a Prohibited Use and/or a Prohibited Business.
...
You will be permitted to transfer Digital Currency or funds associated with your Hosted Digital Currency Wallet(s) and/or your USD Wallet(s) for ninety (90) days after Account deactivation or cancellation unless such transfer is otherwise prohibited (i) under the law, including but not limited to applicable sanctions programs, or (ii) by a facially valid subpoena or court order.

Bitfinex
Such sanction may include removing or declining to post any User Submissions you provide, making a report to any Government, law enforcement, or other authorities, without providing any notice of you about any such report; freezing or confiscation of any Fiat funds, property, proceeds, or Digital Tokens in your Account (including any subaccount orany Digital Tokens Wallet) that you have on the Site; and, suspending or terminating your access to any Services or Fiat funds, property, proceeds, or Digital Tokens from any Digital Tokens Address or Digital Tokens Wallet. Bitfinex may, at its sole and absolute discretion, seize and deliver your property to any applicable Government, law enforcement, or other authorities where circumstances warrant or in accordance with Laws

When you deposit coins to an exchange, they are very quickly swept in to a central hot wallet and mixed with every other users' coins. Should your account be terminated, then obviously the exchange isn't going to look at your balance and send that many coins out of their hot wallet to some burn address to sit inaccessible forever - they are simply going to absorb your coins in to their own balance sheet.
hero member
Activity: 2730
Merit: 552
I'm wondering if exchanges can cash in your coins if you get locked out of their exchange. 
Jump to: