Jump to content
Kane450

Word of caution. Stolen funds

Recommended Posts

4 hours ago, marousi said:

When my coinbase and binance accts were hacked, phone 2fa was enabled.

Was you receiving your 2FA codes by text message?

I have 2-step authentication enabled on all my email addresses and crypto trading accounts and I only use the Google Authenticator app (the required 6 digit 2-step authentication code will change to a different code every 30 seconds). Unless a hacker has physical access to my smartphone, they have no chance of getting into any of my trading accounts.

Share this post


Link to post
Share on other sites
4 hours ago, Sarnos said:

hah why a deposit box if you all need is a brain to remember 24 words 

Well, when you’re my age, you can just fall out and croak. ? ☠️ I do not want my wife and son to not be able to access the XRP (and KIN). That would suck when we hit $589. Even if you’re young, you never know...

Share this post


Link to post
Share on other sites
2 hours ago, Loki said:

How long have you been on this forum? We are an emoji happy place. ?

I’ve been known to use the odd emoji here and there myself. Except the clown one. Clowns...scary...

Share this post


Link to post
Share on other sites
2 hours ago, Kane450 said:

2fa was enabled on everything. But since they accessed my emails they disabled them

That’s one area where exchanges have a long way to go. A bank or credit card issuer would reimburse its customer if that happened. That HAS to be addressed before the general public will mass-adopt crypto. 

Sorry this has happened to you. May karma give the hacker a terminal venereal (sp?) disease and multiply your holdings 100x.

Share this post


Link to post
Share on other sites
9 hours ago, Kane450 said:

Wanted to put this out there as it looks like I have lost some of my xrp.

 

A few days ago my yahoo email account started doing weird things, and I was getting some verification text messages to my phone. Yahoo was asking me for a verification via text but it was listing a different phone model then mine. 

   I had never had this prompt before so I figured it was an error on yahoo’s part. I didn’t have any urgent emails so I left it for a day. 

Big Mistake 

I also had a gmail account. It alerted me to some suspicious log in’s from a location far from me. This was strange and I knew something was up.

I quickly changed my passwords and enabled every security feature I could find. My gmail account worded for a little bit but whoever it was that gotten access I believe changed my password again and I am now locked out. I had used mostly BS info for my personal stuff so I wasn’t able to recover it. 

 

Problem em is I use this email exclusively for coinbase. ****. I get on there and notice additional phone numbers as verified numbers and with my gmail account useless I was running out of time. Luckily my coinbase app would still let me in and I was able to delete my banking info, erase the unknown phone numbers and lock my account via coinbase support.

 

Now the bad stuff

My yahoo account was linked to my binance account. The perpetrator changed my email settings to block any notifications from binance and to forward all emails to another address that was one letter off from mine. This was so I wouldn’t get the notifications from binance on account changes. They were able to transfer about 1800 xrp out of my wallet. They did weird things. They sold the xrp to btc, then rebought the xrp, then sent it out to a new wallet.

 

The kicker. When you stop 2fa, binance puts a 48hr good on your account  they gained access on the 25th  I notified binance to lock my accounts on the 26th  they told me they got my

message and are giving to to the proper departments. I was in contact with them and they set it so I could log into my account. That’s when I discovered the xrp had been transferred out on the 27th in the morning. 

 

So so all this Person did was wait out the 48 hours and bam, got the funds.

i thought highly of binance but I’m not sure if it’s the language barrier or what but they hardly

read the content of my messages. I literally told them to lock it. 

 

So so that sucks. I keep the bulk of My holdings on a nano s. Never keep anything on the exchanges.

 

 

How did they get your e-mail though? Got you through phishing?

Share this post


Link to post
Share on other sites

Thanks for this post.

It made me get off my ass and set up the Nano that’s been sitting on my desk for 2 months.

Am going to bank vault tomorrow.

Sorry about your theft, hope you still have enough XRPs to get rich .

Share this post


Link to post
Share on other sites
3 hours ago, marousi said:

No not by SMS

So how did the hacker gain access to your account if you had 2-step authentication enabled?

In my Kraken trading account, I have 2-step authentication turned on for everything (for logging in, trading, depositing funds, withdrawing funds, etc). I also have the settings in my Kraken trading account locked. So even if a hacker somehow managed to log in to my account, the hacker would need a master code to unlock my locked settings. Every section (trading, funds, settings, etc) in my Kraken trading account has its own individual 2-step code. All four 2-step authentication codes for my Kraken account change every 30 seconds.

Also, I do not keep any cryptocurrencies I purchase on any exchanges and I only use a Ledger Nano S hardware wallet to access the cryptos in my wallet addresses. I never expose my private keys. I either use my ledger Nano S or sign all my crypto transactions on a permanently offline computer.

Edited by 1Ton

Share this post


Link to post
Share on other sites
8 minutes ago, 1Ton said:

So how did the hacker gain access to your account if you had 2-step authentication enabled?

In my Kraken trading account, I have 2-step authentication turned on for everything (for logging in, trading, depositing funds, withdrawing funds, etc). I also have the settings in my Kraken trading account locked. So even if a hacker somehow managed to log in to my account, the hacker would need a master code to unlock my locked settings. Every section (trading, funds, settings, etc) in my Kraken trading account has its own individual 2-step code. All 4 2-step codes for my Kraken account change every 30 seconds.

Also, I do not keep any cryptocurrencies I purchase on any exchanges and I only use a Ledger Nano S hardware wallet to access the cryptos in my wallet addresses. I never expose my private keys. I either use my ledger Nano S or sign all my crypto transactions on a permanently offline computer.

Yeah. I don't get it either. I'm really curious on how it really went down so I can bulk up my security. I think the only 2FA you can disable by email is your email.

Share this post


Link to post
Share on other sites
56 minutes ago, 1Ton said:

So how did the hacker gain access to your account if you had 2-step authentication enabled?

In my Kraken trading account, I have 2-step authentication turned on for everything (for logging in, trading, depositing funds, withdrawing funds, etc). I also have the settings in my Kraken trading account locked. So even if a hacker somehow managed to log in to my account, the hacker would need a master code to unlock my locked settings. Every section (trading, funds, settings, etc) in my Kraken trading account has its own individual 2-step code. All four 2-step authentication codes for my Kraken account change every 30 seconds.

Also, I do not keep any cryptocurrencies I purchase on any exchanges and I only use a Ledger Nano S hardware wallet to access the cryptos in my wallet addresses. I never expose my private keys. I either use my ledger Nano S or sign all my crypto transactions on a permanently offline computer.

Your google 2FA is basically a process, if there is a possibility that this process can be opened to other process, this is how you can get access to 2FA. It just one way, there are other ones.

Share this post


Link to post
Share on other sites
2 hours ago, makemeraf said:

How did they get your e-mail though? Got you through phishing?

I’m guessing this some how. I havent

narrowed down how they got that first yet.

Share this post


Link to post
Share on other sites
3 hours ago, Deeznutz said:

That’s one area where exchanges have a long way to go. A bank or credit card issuer would reimburse its customer if that happened. That HAS to be addressed before the general public will mass-adopt crypto. 

Sorry this has happened to you. May karma give the hacker a terminal venereal (sp?) disease and multiply your holdings 100x.

Yeah this really opened my

eyes to why someone with a lot a money would not get in the space. Just transfer the funds

to another wallet off the exchange and they can’t do anything else. No one could.

Share this post


Link to post
Share on other sites
7 hours ago, Kane450 said:

2fa was enabled on everything. But since they accessed my emails they disabled them

That is not possible...which 2FA did you have?

Share this post


Link to post
Share on other sites
1 hour ago, Kane450 said:

Yeah this really opened my

eyes to why someone with a lot a money would not get in the space. Just transfer the funds

to another wallet off the exchange and they can’t do anything else. No one could.

Not to be paranoid, but think about it for a minute and make sure no one you know had access to all of your info. When I worked in banking, a lot of the time it was a family member who stole, forged the checks, etc. We required a police report before we'd reimburse. Of course I'm not accusing your circle of anything, but unfortunately this is the real world and we have to cover all the bases sometimes.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...