So I know someone who got their Binance account hacked. He had Google auth 2FA and a strong password. He said he logged in, logged out, and the next time he checked all his bitcoin was gone. He didn't get any email notifications or anything.
How is this possible? I was under the impression you had to physically have someones phone to get that auth code.
Henry Roberts
The hacker was coming from inside his own computer
Josiah Carter
most likely they lied about having google 2FA to save face. if this is true it'd be news-worthy. probably had sms 2fa which is hackable if someone messes with your mobile provider
William Murphy
Did he mess with TurtleCoin at all before this?
Eli Turner
also there are programs that lets you generate google 2fa on desktop. obviously that guarantees no additional safety, if an attacker gets access to just your pc they have the code.
one more option is, his phone was rooted. then its much easier to retrieve 2fa codes from it remotely for an attacker.
Ian Powell
What coins was he holding user?
Jason Gomez
this
Kevin Ortiz
I do all my trading on my computer
And my 2fa is on my phone
Will I be okay?
Colton Edwards
>I know someone who X Is that someone you?
Mason Myers
Someone might have played binance support into giving unlocking the 2fa
Blake Wright
so when you go to the part of the page where it shows the IP's from which the account was being logged does it show a different one or not?
Jayden Adams
This Ask this op
Jace Cook
>keeping your coins in an exchange wallet Don't do it again fucking retard
Sebastian Williams
Yeah there was an IP log in from a different country.
Thomas Diaz
well you dun goofd then friendo, and there's more than one way you could've fucked up so geegee, reinstall you PC, reinstall your phone, make new accounts and wallets, stop visiting sketchy sites and torrenting shit, stop licking on every link posted in here, make sure you don't log into phishing sites, and maybe you'll be safe
Jose Cooper
but what does this mean? he had remote access to the PC?
Jaxon Rivera
how is this possible?
Elijah Gray
also the he bypassed the 2FA part seems really sketchy, most retards on here get locked out of their account because their phones fuck up and they're too stupid to write down the code to get back the 2FA on another phone, yet this guy manages to get fucked fucked from the outside
Wyatt Lewis
Binance phishing links are really common in google search.
Often as the top result.
Jaxon Young
as I said there's more than one way you could've fucked up, you either had keyloggers which you got from downloading shit, or going to a page trough a link that first redirects you to other pages, also if you're dumb enough to save your passwords on the browser etc. the 2FA part is the really weird thing for me, unless of course you just never had it in the first place
Brandon Hughes
So phishing or malware is most likely you think?
If they had remote access to the PC, if he didn't log out of binance (even though he said he did), they could open his browser and open the page with him still logged in. Would that account for the different IP though? Would it uses his IP or theirs?
Andrew Thompson
I ve said it in an earlier thread. These are Russian scammers that are targeting Binance users. They get your password with a keylogger. Idk where I got it but I formatted the hard ride after the first time but somehow they got mine twice . since i started typing the passwords in a digital keyboard nothing happened in the last three months. If you don't have 2fa using Google authentication you are fucked because SMS 2fa can be disabled if they know your service provider. For those who have Google Auth they are known to larping as Binance support to get you to disable it in order to restore your password. Of course no one is that retarded and those who are won't never say to save face. The two times I got phishing it was a Russian ip. The only thing clear is that you are using binance you should get 2fa Asap
David Cruz
and it legit was not me, this is someone I know. I'm just wondering how it happened to him, I don't want to get JUSTED like he did.
Andrew Reyes
It probably didn't happen and it was some faggot shilling KuCoin.
Andrew Richardson
no, if it's remote access it wouldn't show up a different IP first because you never logged out, and second everything was don trough your PC even though it's controlled remotely via the hackers PC
Hudson Foster
When people say they were hacked because of X or Y they are usually wrong.
Parker Anderson
Okay, so the hacker got his passwords.
He said he thinks it was malware that got downloaded through an email. Still don't understand how they would get his google auth code, unless he's lying.
Camden Young
I had someone access my binance from an IP in Alabama near the beginning of the month user.
I have never used the account, so it’s not too huge of an issue. I don’t trust binance myself. I honestly don’t trust any non-US based exchange.
If something goes wrong, I want the ability to take legal action. I can’t do that against an exchange in China.
If it’s in the US I can get put into prison and sue them into perpetual poverty for the rest of their life.
Easton Perry
Get them put into prison. This autocorrect is terrible. What are you think Devs?
Austin Wood
This threads got me a little nervous: does ICX have a wallet?
Dominic James
here's the solution to that obnoxious shit
Grayson Morris
>How is this possible? simply not the truth
Dominic Ortiz
>Still don't understand how they would get his google auth code, unless he's lying. told you this is the weirdest part for me too, malware trough email, maybe but still, he prob downloaded from some shady site or clicked some shit "you're the 1000000 visitor" type of thing
Kayden Nguyen
Wondering this as well
Brayden Robinson
It was a phishing site. It passes your login to the real binance then does a withdrawal in the background with the credentials it got.
Levi Brown
single point of failure. mh
Jacob Davis
Yes, as long as you aren't retarded like OP's friend and download obvious malware with 2fa on the same device you log in to binance from.
John Cooper
Your friend is either lying or is a complete fucking retard and got phished. Tell him to kys.