Dear Community, please, if any of you have 2FA turned off - turn it on now.
Any account, even if it's not important, reserved, useless. Find it and use 2FA everywhere!
I know that the vast majority uses 2FA properly, but also - I'm sure that there is still someone like me, who is just self-assured enough to rely on big strong passwords and "no one can steal it", so my note is to them.
I've just lost ~4k$ worth in my polo wallet, because of my impermissible stupidity. It was part of my future, a big part, it was more than just money.
Don't know how to live on, this is not the only trouble lately, but it looks like this is the last straw. Seems like god doesn't want me to be
Anyway, here is my story:
I was an early crypto user and it gave me a great experience. In 12-13 I had about 10 BTC profit from ~200$ investments, margin trade play, could get out from the 1k spike those days with no loss, but not much earned anyway. Had a profit on btce, but... well, you know what happened next, partial loss, but I managed to withdraw about 50% and stayed in. It should have taught me more than it did.
From this point I decided that I wished to hodl, and I was sure, just as I'm sure now, that the main cryptos will be 100% profitable at long distances.
So as soon as I could, I put some in BTC and LTC and XRP (experiment) on a poloniex account and just logged out for a very long time.
It was about 2017, my daughter was born in 13, so I was absolutely swallowed by my family, work, home things and sleepless nights.
If you are still reading this - thanks a lot. You'll be awarded with the whole point of this topic very soon.
Marriage turned out to be not such a great thing.
Best friends are bullshit, they can betray you better than enemies.
Upon divorce, if you are a father, you will be a little less than completely removed from your children. I never thought that I would regret that I am a man.
Without going into details, I want to describe my condition in recent years - hardly keeping from curtcobaining.
All my savers were my princess daughter and working hard at my full-time job. And a little but warm and cozy polo account.
So all this time I was an observer, the only few times I had to log in were when polo changed its privacy policy and I was asked to verify my identity and pics with ID.
Initially, when I signed up, the 2FA activation procedure seemed complicated to me, I just couldn't go through it.
Most likely due to the lack of time synchronization on the phone and computer. But at that moment I did not ponder and left it as it was.
And the second critical error was that I believed that IP and 2FA protection was enabled on my email service. Since I always logged in from one range, I did nothing more than enter the password. But in the case of a login from another IP, the service had to request numbers from SMS. So I continued to believe that no one could get access to the email.
Meanwhile, even though I hadn't logged in at all, I knew that I had crypto and entertained myself at cryptowatch, calculating my growing profit.
This year my company started to fail, and I felt low on cash.
And I started to get this polo money to the account, I mean - I promised a new bicycle for my princess, we planned to go to the sea, I thought about the best way to split the money, because I wanted to leave a part for future hodling...
So, when I finally tried to log into my polo account - the "wrong password" thing spoiled me so much.
Well, there is a button, right? Forgot your pwd - mailcheck - new pass.. Finally logged in, deep breath in, wallet - show me pretty digs!
... 0,45$
It's very hard to explain what I felt that second, English is not my native language. But after so many bad things in my life, I just think that I'm cursed...
The mail service that I have used for so many years wasn't 2FA protected.
And there was no geo protection either, which could have been the last barrier.
I don't know how my mail pwd was compromised, but it was. I have never used it anywhere else, these days there are so many points of leakage...
Anyway - the attack was pretty simple.
Search emails, see polo newsletters, push "forget password", get a new one, delete mails, (withdraw, delete mails) x many times. In fact, they withdrew everything in 2 days.
IPs - all over the world, sure it was Tor or VPNs.
That's also important - there is no geo protection on poloniex.
I'm sorry for the crumpled text, even though it has been 2 weeks or so since the robbery. Hard to concentrate, I still cannot cool down, my eyes are in tears and my hands are shaking.
If this message forces at least one person to do things for better account protection - I'm glad that it isn't useless.
Of course, I am to blame. But I also have concerns about polo and my email service. All of this could have been avoided if polo had decent protection against suspicious withdrawals.
I wish every person here will always be happy, rich and healthy. God bless you all.
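
The kind of withdrawal protection the post asks for can be sketched as a hold rule over account events. This is an added example, not part of the original post and not Poloniex's code; the event format, the 48-hour cooldown and the sample IPs (RFC 5737 documentation ranges) are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

RESET_COOLDOWN = timedelta(hours=48)  # assumed policy value, not from the post

def review_withdrawals(events, known_networks):
    """Return (timestamp, reasons) for every withdrawal that should be held.

    events: dicts with 'ts' (ISO 8601), 'type' and 'ip', sorted by time.
    known_networks: CIDR strings the owner has logged in from before.
    """
    nets = [ip_network(n) for n in known_networks]
    last_reset = None
    held = []
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "password_reset":
            last_reset = ts
        elif ev["type"] == "withdrawal":
            reasons = []
            # A reset through a compromised mailbox is followed quickly by withdrawals.
            if last_reset is not None and ts - last_reset <= RESET_COOLDOWN:
                reasons.append("within cooldown after password reset")
            # The "geo protection" the post mentions, reduced to a network allow-list.
            if not any(ip_address(ev["ip"]) in n for n in nets):
                reasons.append("source IP outside known networks")
            if reasons:
                held.append((ev["ts"], reasons))
    return held

# Constructed sample events mirroring the sequence described in the post.
SAMPLE_EVENTS = [
    {"ts": "2020-01-10T08:00:00", "type": "login", "ip": "192.0.2.10"},
    {"ts": "2020-06-01T02:14:00", "type": "password_reset", "ip": "198.51.100.7"},
    {"ts": "2020-06-01T02:20:00", "type": "withdrawal", "ip": "198.51.100.7"},
    {"ts": "2020-06-02T19:45:00", "type": "withdrawal", "ip": "203.0.113.99"},
    {"ts": "2020-09-01T10:00:00", "type": "withdrawal", "ip": "192.0.2.44"},
]
KNOWN = ["192.0.2.0/24"]

if __name__ == "__main__":
    for ts, reasons in review_withdrawals(SAMPLE_EVENTS, KNOWN):
        print(ts, "HOLD:", "; ".join(reasons))
```

Both withdrawals that follow the reset are held on two independent signals, while the later withdrawal from the owner's usual range passes.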