Bitcoin Forum

(I hesitated to mention the name of the exchange in order to protect my existing account still in there.)

I started to use this exchange almost 4 years ago.  There were no any issues till recently.  Last Dec I logged into my account (which I haven't done it for a while) and the first page showed up saying that they will discontinue my services in 14 days and asked me to move my coins out to their US counterpart because I am a US customer.  I was thinking to myself, it I had not logged in, I would never know about this because they did not contact me at all on this matter. So I contacted the US exchange and found that they do not serve customers in my state.  So during all these times, I was researching for way(s) to relocate my coins.  I contacted the foreign  exchange and told them the challenges that I am facing in finding a place to put them.  They just told me to move the coins out before I lose them and then no reply to my follow up email since.  

Last week, I got three automated emails from them at the same time.  
First email: request to reset password from [IP which is not mine] (and a 6-digit code was included for verification).
Second email: Successful password reset from that same IP.
Third email: Successful login from new IP..... to protect your account withdraw is disabled for the next 24 hours.
                   (Thanks God for this function with the 24-hour disable withdraw.)

This happening really got my attention.  I immediately tried to log into my account.  I entered my password 4 times (one time away from my account being locked) without successful as it had been changed.  Thankfully, I did not try the 5th time knowing that my account would be locked and I would not be able to get any help from the exchange.  I sent an email using an old email thread to them reporting the situation, but got a reply saying that my IP is from an unsupported country which they cannot service.

However, thankfully, I was able to go through the process by clicking on the Forgot Password link and reset my password.  During that process, they sent me an email similar to the first email received before with the verification code.  And by using the code along with my Google Authentication code, I reset my password.  During the next several days, I did my best to get as much information as possible on how and where to move my coins to.  By using a VPN tool (first time), a desktop wallet, a hard wallet, and a  coin wallet that works with the hard wallet I was able to withdraw most of my coins out.  Before I moved my coins out, my heart was so heavy and troublesome because I did not know when the hacker would attack again.  

Now that I got most of the assets out from there I am more comfortable to talk about it and to share my story.  Would this be an inside job given that they knew the US customers are vulnerable and helpless (since they cannot use their customer services anymore)?  Else, how can the hacker by passing the email code verification and the Google Authentication process?  This is still very unsettling to me.  


Added on Feb 4, 2021
Thank you for your feedback and suggestions.  I added the following information as many people had asked related questions on them.
-   The exchange name has been mentioned by others in this thread.  Please spent sometimes to look for it.  
-   After I pulled my last coins out from the exchange, I will try to contact them and present the incident to them so that they can investigate and, hopefully as a result, to improve their services.
-   In order to reset my password, I need to enter the passcode which was sent to my email + the Google Authentication code.
-   The old iPhone which has the Google Authenticator installed was not turned on at the time when the hack occurred (and it is not usually turned on in order to extend its usage life as the battery is no good).  And I had not kept the recovery key for the authenticator anywhere – I did not save it.  So there is no one, including me can recovery it.  I got the authenticator for years.
-   This is a question for myself (just thought of it last night) – why did the hacker change the password (which triggered the no-withdrawal-in-24-hour rule) instead of withdrawing the coins out right away?  To withdrawal any coins, both the passcode sent to my email and the Google Authenticator code are needed (same as the reset password requirement).
-   I really don’t believe that my email address was compromised.  It that were true, the hacker could redirect the 3 emails that were sent to me to junk folder when the password got changed and account was accessed from a new IP address.  Without receiving these emails, my coins would be done for.
-   By the way, I have no ill attitude toward the exchange.  I really like the exchange as it supports many altcoins that are not supported in many other exchanges.  The way they required both the security code from email and Google Authenticator to withdrawal added a strong security layer to the accounts (in addition to login with username and password).  Also, the no-withdrawal-in-24-hour rule after password changed was a saver.  
-   They provided good customer support services before they shut me down by sending an automated email saying that my IP was identified as from a country that they don’t support when I tried to reach out to them again.  So if you are an US customer and your account got hacked, there is no way for you to seek any help from them – at least within a short amount of time (24 hours?) – before your assets got moved out.

Glad you were able to get most of them out of there, this is the main reason why I like to have control of all my private keys and don't use exchanges for storage

That's indeed an awful experience. Good thing you've got your asset out. It seems that you've been hacked or compromise, but given the explanation you said about bypassing code or stuff. It's possible but if you are a careful guy whom not clicking any phishing tabs then there must be some inside job. Hope you can disclose the name of the exchange so we can be aware of this. There are lots of US exchange operating. Is it an old exchange?

It can happened on any exchange since you are a US citizen. They are force by your country regulators to prohibit US citizen on using there exchange so this not there fault. You should not leave your coins on exchange at first place since you don't have full control on your assets there. I think that you can still claim your token in case you did not transfer it on time, they will just locked it and you need to undergo verification to claim it.

Sharing the exchange name will benefit forum member and exchange will never what is your account though. They are not monitoring the forum 24/7 and there are many user same case as yours.

About hacking, it depends on what exchange you are talking about, If its a low tier exchange, its possible as an inside job but if its Binance and other Big exchange I believe click some malicious link though.

Luckily you managed to notice it. You might want to throw away the email that you normally use and create a new one just to be safe, since you never really know if the hacker still has access to it or not, same with the exchange account. Just try using exchanges for trading instead of storing, just to be sure that your funds are safe. Idk much about how US exchanges work, but if it isn't a well known one, or the volume of trading hasn't been much recently, it isn't anything odd for their customer service to actually be less active.

You might also want to check if any malware got in your pc. Did you even have 2FA enabled for your email? If no, then there's a chance that they got your email and pass, but if yes, then they may actually have remote access (somehow one way or another, im just putting out ideas).

Thank you for your feedback and supports, guys!

The foreign exchange was the "B" exchange that was mentioned by @Coin_trader. 

I had my coins there before the "No US Customer" regulation and had never anticipated that US customers would be excluded from the exchange.  And because my investment had gone from a peak point and down to a very lower one, I was too depressed to login to check on them.  And my strategy was to HODL anyway, I just leave them be.  If I were doing it again, I would put them in a hard wallet (but then why didn't I "ALL IN" on Bitcoin instead :)).  However, not all the coins I have were supported by hard wallet such as Ledger. 

I do not have 2FA enabled for your email, buy I know better not to click on any links on emails.  Usually, I login to website by typing the company URL directly on the browser.  I haven't used a computer to login to this exchange for years; I used iPad.  If there were a security breach on my iPad, then they could access my other financial related accounts and done some other damages.  What puzzled me is that, even if we believed that my email has been compromised, then how about the Google Authentication?  I have it on my old iPhone which does not get turned on normally.

Just two days ago, I saw a video that someone who used a desktop wallet got hacked for $75K, possibly by the Chief of Communication Officer, who got fired (or quit) after the person reported the accident to their company.  Basically, he got an email from the CCO requested to reset some credential of this account and, after that, his coins got taken out.  He is a Youtuber who was showing off his $75K worth of coins on his wallet and then this happened.  (https://youtu.be/vHHbaWsUsuw)

The Lesson Here ? we have been talking again and again for years and years now ,

" Never Leave Your Funds In Exchange for Long" Not your Key is Not your Bitcoin

Hope this thread will Open more eyes now , that no matter how trustful is the exchange is ? Yet they are running Business and their Business relies to our Coins on them , So what ever may the reason still they are interested in our funds and can do reasons just to take it away from us.

Just as I suspected. But lucky for you you've managed to take most of your assets out. And while you still can, take them all out and move them somewhere very safe. Since you mentioned that you intend to HODL your funds, then I suggest you don't keep them in an exchange wallet. A hardware wallet is much preferable.

I won't jump into accusing Binance of an inside job. But I've also read a situation somehow similar to yours a few months ago. I can't find the thread but it was also a case of breaking into the account surpassing both email verification and 2FA. I'm not sure if it was also Binance but I think it was.

US exchanges are more regulated for the most part and, therefore, relatively safer.   And you are correct, nothing should be safer than a hard wallet.


If you were selecting an exchange for the long hold (beside using hard wallet) which one would you trust better?

The whole hack incident was very discouraging and terrifying.  It let me feel extremely insured.

If you can find the thread of the person whose account got hacked, please share.

the name of exchange, the hacker probably hacked your account because you using same password on the other site because its happen to me, but website security nowadays getting better like 2FA.

and better using password manager and add Auth App for more secure

It's unlikely that it's an inside job since it's Binance. Good thing you got your assets out though. Next time, just don't use any exchange as a wallet since they are easy to compromise. Binance is prone to hacking in my opinion because of the recent hacking events.


I wouldn't trust any. Any centralized exchanges are prone to hacking. CEX isn't even for long hold anyway. Just buy a hard wallet. It's better to lose convenience that losing your assets.
 

First you registered on the exchange and have been trading for a long time and all of a sudden they no longer support US customers, that is to say, some sort of regulation might have forced them into stopping their services to US customers and thus hackers might have leveraged that opportunity to scam/hack people who are not aware or it could be you clicked on a phishing website thus disclosing your information. Also, issues like this, is the reason why keeping funds or assets on exchanges isn't a good idea because had it been those assets were in your personal wallet, you will not have any reason to worry. Nevertheless, it is good to hear that you were smart enough to take careful actions to save your assets, thus continue in that manner to withdraw the remaining ones. Lastly, just to be safe from phishing, always bookmark the websites you visit such as exchanges etc.

Fortunately, you were able to withdraw your stash out on that exchange, that is why it is not recommended for us to use the exchanges platform to store our assets because you don't have full control over it. No matter how much trusted the exchanges are don't ever leave your asset on it for a longer time especially if it is a pretty decent amount. Since you are onto holding you placing it on a hardware wallet is most recommended. You have a point that it must be an inside job 'cause there's no way they can change your password without your permission unless there's an insider on the platform. There's no hundred percent trusted or secured system exists that is why we should always be careful especially when it comes to money.

Notyourkeys.org (https://notyourkeys.org/)
Newbies - Read before using exchanges or investing (https://bitcointalk.org/index.php?topic=5178747.0)

I'm sorry for your loss but loss was happened and you can not get your coin back. It is lost forever but you can learn from this loss and avoid your fault and future loss.

Wallets on exchanges belong to the exchange operators, not you. So it is not your coins in exchange wallets. You are temporary owners of those coins and if exchange makes a scam exit before the day you withdraw it, you lose it.

This is really good lesson for every one as need to learn and understand because I also face some big problems in early days and lost some good amount of funds which I lost in exchanges which is never been recoverable never leave your funds at any exchange for site because not your keys not your coins is very simple and straight forward message to all coin holders just try to have withdrawal from any where and put them in your own wallet is best option.

Why not withdraw the coins altogether into your personal wallet? It's better to keep them there that on an exchange anyway. I'm glad that you managed to restore access to your funds and even though the process sounds pretty tough, at least it's working.
I don't think it's an inside job because I'm guessing it's a very reputable exchange which I remember decided to serve US customers separately due to the wish to comply with the US regulations. An exchange like that wouldn't try to scam you. As for bypassing the email code and Google Authentication, I think the first one wasn't bypassed. You did get the messages about resetting the password and the passcode. It means that your email was hacked, probably due to a weak password. And there are also instructions online on how to bypass google authentication, so it's also possible.

Fortunately, you are a computer literate and you have successfully recovered and transferred your coins before you finally lose them.  I think, that your exchange account was hacked because it knows your log in details, it is really good and there is an automatic closing of the withdrawal of money at the designated time when there is suspicious activity in the account especially if it comes from another IP.  Maybe the exchange just locked this account until you try to access it again by providing these 2FA codes and resetting the password.  But it seems that the exchange failed to inform you of the cessation of their service in your country of origin, they should send you an ugent or important notice in the email about that not only on their site you can read.

I can say still you are lucky and you save your coins with your wit. I believe exchange has to follow the policy of your country that's why you have been given small time and in between hackers got the access of your Ac and luckily you were also more active than a hacker. Its not a small issue that somebody has access your Ac might be it can be a exchange official who hacks your Ac but I believe it's not easy to get access to user data and I suggest you to keep your coins in the Hardware wallet rather than on any exchange.

No comment about an inside job but it happens that hackers will send us any malicious link that can possibly trick us and put everything in their control once you follow what the link said and mostly they are asking to reset your password. If they are done to this, you no longer login to your account.
One way to avoid this is to ignore most emails asking like that coz I know that it never happens from an exchanger asking for you to reset/change password unless if you are asking it personally. And that last tool that helps us to prevent unwanted withdrawals is in enabling 2FA authentication as surely they can't get anything from even you keep funds on the exchanger for a long time.

As the old man said, “Not your keys, not your coins”

I suggest that if you want your coins or tokens to be safe, you must be willing to put em’ all in your cold or decentralized wallet where you are having the full custody of your private keys or mnemonic phrases. I only use exchange for day, swing and trend trading and not my storage.

It’s great that your coins and tokens are safe. Good job!

That might be a close call, hackers are always trying to hack people sending a lot of emails or links that you could possibly click. Its definitely difficult if your not careful because you don't know if its a phishing email so that they could reset your password. It is also possible that it is made by someone working in that exchange or website you never know. I would not suggest that you use a exchange for storing your bitcoin or your alternative coins in a exchange if your going to a long term investment similar in your case it is possible that a exchange could be close or bankrupt. It is safe to find a wallet that have its own private key just to avoid issues for long term and it is much more safer than custodial wallets and exchanges.

That is really frustrating. I have same experience this month when I saw zero balance in my account that caused me to panic. Good thing that there is just a migration of the exchange.I am holding my asset there for 3  years and I almost lost it. It is good that I was able to retrieve. With that experience, I recommend to use hardware wallet and not stock on exchange to avoid such panic. Also be careful when opening links sent to you email because in phishing sites, they may hack your account.

It's more convenient to store those your own wallet rather than storing it on exchanges. You can't tell whether if it is still safe when you will become inactive for a long period of time.

You are right, if holding coins is the intention then a hardware wallet is the safest place I believe where these can be kept. Also, I think I came across that thread you are talking about, but yes we cannot really accused Binance of something at least its a hard case proof. Hacking is for certain though, so as much as we should earn not to leave our funds one exchange, we should also take note of the security level of our accounts and the sites we visit.

This is a good idea.  

I have the tendency of not clicking links from incoming emails.  I normal type their sites’ urls on the browser.  Even if I do click them ( from some less important sites), I would check the underlining addresses’ domain names to further verify the authenticity.  So we can definitely leave the possibility of phishing part out.  


The hard wallet does not really support the remaining coins (which is a very small portion value of the original anyway) and it will take me more research on how to get a wallet that works with the hard wallet.  The email has a strong password.

I would like to learn how to bypass Google Authentication so that, if possible, I can be better prepared to prevent it to happen.

If you are not going to mention the name of that exchange the same issue will soon be encountered by another user so I think you can help us with that. Lucky for you to recover all your funds and now it is a lesson learned.

I would like to share my story to them if I’m still able to reach them.  At this moment, they disabled my contact option completely. 

If the email code and Google Authentication can be bypassed, won’t they know about it so that they can use some other probable authentication methods? 

Please skim through the prior messages from others.  It has been mentioned. 

To give them the benefit of doubt, I was only asking if it was an inside job.  I did not say it was an inside job.   8) ( I really like the CEO on the way he handled the previous hacked case by issuing a bounty on the hacker.  So if there was an inside job, they should drag the person/group out to prevent their reputation being ruined.)

I almost didn't breath the whole time I was reading your story, this is a very alarming situation that could happen to anyone of us here who are using such exchange. Luckily you've done your part to secure your coins, panicking could be an advantage sometimes, I guess. The only thing you can do next is to change the exchanger where you Trade your coins, and don't put it all there, just put the coin you wanted to trade in a certain period amount of time.

And use custodial wallet to store your coins, for more safety.

I'm glad that you actually saved your account/coins, that's the positive thing. However, there are a few possibilities of why it happened. Firstly, OP might have clicked a phishing site, which stole your details. Secondly, some other website you might have registered on got hacked, thus, leading to a huge information leak, including your credentials. Thirdly, an inside job, but that would be extremely unlikely for your case.

It's either one of the first two options.

It could have been better if you share the name of exchange you are talking about here since you already take your coin out of the exchange. Firstly, everyone need to understand the reason why long time traders have been saying that it is not safe to live many of your coin in an exchange. This is exactly reason why. Secondly, the way you have explained, it could have been and inside job or probably a sort of vulnerability that have access to your personal informations. I will advise you to also make sure your email account password is change with a more secure one. Who knows the hacker might still have access.

If you think that the exchange is behind the hack, you need to expose the exchange name and let them explain the reason why that happened so that the customers using that exchange will be aware of the situation. You cannot be silent if you went through a situation like this and we need transparency in this issue so that others will not face the same issue.

It's binance exchange and also don't get why he has refused to identify that in the OP but his second reply give a hits since he said the B-exchange and we all know binance is the most popular exchange starting with the B letter. The idea of holding coins on exchange is starting to fade away as new reports are surfacing indicating less coins are been kept in exchange. It'll take some more effort than what we're currently doing to make this a win for the industry.

The hacks aren't doing much impact since the exchanges have come up with a way to avoid going bankrupt when this hacks occurs like with binance setting up an insurance fund to help payback stolen funds etc.

Exchange come up with mouthwatering offers just to keep your coins in their custody, this alone is a red flag to not trust them with your coins and end up regretting in future. Well lucky you and glad you could get back your coins. Hope lesson has been learnt.

You weren't from an unsupported country when they were trying to get your coins sent to them.

You weren't from an unsupported country when they were sending emails to you.

You have an issue? Suddenly you're from an unsupported country :D

Exchange or platforms that do offer something just for you to make your coins park into their site is really that quite suspicious specially if it do offers something that is really  hard to resist.
Even if its really a known platform or one of the top then i cant really just trust them no matter what.Always have that main rules that never ever store up your coins on an exchange.
If you dont possess the keys then it isnt really your coins after all.When it comes to hacking incidents then i do somewhat bit confident with Binance, yet it had been proved out
that they can compensate incase if there are users who do lost up funds in the process unlike others which do totally close up their doors afterwards.

If I'm not mistaken, all exchanges have a feature like this, and also most of them it required 2FA that it's hard to make transaction once your account on exchange gets compromised or hacked.  Good to see that this was saved your assets back and you able to retrieve them.

That's why if we have a plan to leave a huge amount on exchange make sure you had already doubled or tripled set the security level in your account and if it will compromise, you have a chance of getting them back.  Might be also good if you leave only a small amount on the exchange if ever exchange has an exit scam, isn't hurt for you.  We know the golden rule of saving crypto assets, "not your key, not your coins".

You should always have a UNIQUE and STRONG password for each service / account you own in the Internet mate. What might have happened is somehow the "thief" managed to grab a hold of your password from probably another hack from other company that had their information breach. You can check if you had suffered such deal here : https://haveibeenpwned.com/ . Just input your e-mail (the one you use in the exchange) and it'll let you know if there was a breach associated with that e-mail.

Plus, it's never a bad time to use a password manager. There are tons out there, each with their pros/cons. Bitwarden, 1Password, KeePass are some of the examples I can give you. If you need help let us know and I'm sure we'll be able to help you :)

You are correct on the exchange.  And I still have a small portion of coins in there as it is hard to find a place for them either in hard wallet or in an US exchange that supports my state.

Years ago I went crazy on Altcoins expecting that if one of them made it, the reward could be abundant.  Unfortunately, the opposite happened.  But recently they came back 400% from 6 months ago which was only 1/3 of the peak value, but that was still a good thing.

The feeling during that several days where I was trying to figure out on how and where to move the coins out was very stressful because I didn’t even know if I would be able to do so as they stopped servicing US customers.  I also felt so helpless because they automatically refuse my email inquiry.  So if I could not transfer the coins out, I would be stuck.  Moreover, I didn’t know if the hack is going to happen again during these times.  Unimaginable.

Thank you for your info.  Yes, my email had been pawned many times during the last 10 years, but that does not mean that people can know my password.  Nowadays, most of the major website do not keep our passwords.  (But just for precautionary measure, I just changed my password again this morning.)

I will look into the password manager option you mentioned after all these ordeals at present are over as I still need to get the rest of my coins out - even though the amount is small.  I am not familiar with how the suggested passwords function works and, because of that, I always turned down the suggestion and create my own passwords concerning that I won’t remember the suggested passwords.  iPad has a keychain function which save passwords in it, but it does not auto save them on some apps. 

Ironic as it may sound, I think I'd be choosing Binance. But your situation and mine are different. You are restricted to use Binance; I am not. I am choosing Binance primarily because of their Secure Asset Fund for Users (SAFU). It is a kind of an insurance fund for their users. I guess on your part, Kraken might be a trustworthy option.

However, I'd like to emphasize that there is absolutely ZERO reason for hodling funds in an exchange wallet.


I actually looked for it yesterday but to no avail. I'd look for it again.

Binance is not bad if you have access to it.  It is a risky business on what's all going on nowadays.  For US customers, it is a loose situation. I hope everyone of them will be able to get their coins out safely.

which exchange is at stake here?
Did you check your spam box on email service? I regularly receive updates from some exchanges about delisting coins. Some of them end up in the spam/trash folder.
Also once have a similar situation where is my country is disallowed from Kucoin, but they disable all trading function, only withdraw has been possible at the moment. when the interference is removed and my country was re-approved to full access on that platform, everything returned to normal very quickly.
I want to say, that in normal and professional exchanges, everything working fine.

It got mentioned upstairs post.


I can receive their email telling me that they cannot support me fine without any issue.

It probably will take at least 10 years, if not ever, for the exchange to allow US customers again. 

Glad that you've got all the coins you have because if you haven't noticed that one maybe you're poor now, kidding aside, haven't you read a policy before using exchange and still you haven't full control in your asset since your just using an exchange site and for the "email" maybe they got your email because of your using it to register into some other website which if that website got hacked they can get some information that can be use to hacked your email address gladly that you've manage to recover everything, Also not just by passing everything can be done nothing is impossible nowadays or maybe you downloaded some keylogger in your computer,

I use iPad mostly. 

Now that you mentioned it, we all should use a dedicated email address for this kind of stuff.  This way, no other website can stole your information. 

I had a bad story too.

Back on 2017 i've made a very stupid mistake.

When i try to deposit my ethereum on binance, i send it into wrong address.

I think i'm gonna lose all of my ethereum, but luckyly Binance want to send my ETH back and Binance Customer Service is so damn good.

You know what is surprising here is why he even received codes in the email when 2FA is enabled in his account.  Why, can you choose where you want to receive the codes such as email even if 2FA is turned on?  The hacker who knew his login details tried to reset his password.  When you opened your email did it not mark as read?  This means that he will not be able to access even your email to get the codes.  Good thing that even that is already 2FA and the secondary layers of protection work.  Didn't you notice anything unusual about your account activity such as trade history?  So the hacker has not been successful in having full control or access to your account.

If some of your remaining coins are not supported by a hard wallet just use their official wallet because you are almost certain that you will hold your private keys or mnemonic phrases.  Or you can also use some trusted and recognized non-custodial wallets.

It was actually a good story. 

They have a 24-hour no withdrawal function after a password is changed, else, the fund would already be gone.  I reset my password using the forgot password option.  In doing so, they sent me security code to my email and I also needed to use Google Authentication in combination to the security code to reset my password.  That means the hacker need to use the same too.  The Google Authenticator was installed on my old iPhone which usually is turned off.  There is always a risk that the phone stops working because it is semi broken as the old battery expanded and forced the touch screen surface to bulged.  But it is usable.  I cannot reinstall it on my new phone since I didn't keep the recovery key. 

Good point on the "read" email comment.  No, these emails were not read when I saw them and received them.

 

Very difficult to say whether this was an inside job or not. These sort of attacks happen all the time. However you did the mistake by keeping your coins in the exchange wallet. Unless you are a day trader, I don't see any point in keeping your crypto assets in an exchange wallet. I am telling this out of my own personal experience, as I have lost my coins multiple times in various exchanges.

However a few things sound really fishy. OP is saying that the exchange didn't contacted him to move the coins as restrictions are in place for US costumers. The exchange probably sent an email, but it may have landed in the "spam" folder. The fact that the hacker was able to reset the password (is it even possible without Google Authentication?) could mean that either the phone number or the email address was compromised. In that case, it will not surprise me if the hacker deleted some of the emails from the exchange, even before the OP could notice them.

No emails from them that are in the spam box.  I have no problem receiving their support email before they stopped responding. 

Don’t know how they can hack a phone which has the Google Authenticator that is not even turned on.

I had a similar experience with an Exchange. After the Bullrun of 2017 and 2018 i had some of coins parked in Polo... I didnt log in in a while and after a few month i came back, just to see they had delisted a coin.
Well first of all, sure my part was the negligence to hold them on an Exchange after all. A total no go.
But the reason i was really annoyed was, that the exchange didn´t send any E-mail or information out to its customers.
That was a scatchy move.
I since then abandoned the exchange. I use coldstorage and just move coins for trades to an exchange i "trust".
Its time for some good DEX.

Greetings

I hope you did not lose much on that one.  I heard that Coinbase is being regulated by the government closely, but because of that, they are probably more responsible for their customers' coins.  The biggest con is that customers will lose their anonymity.

We all better check our accounts frequently or take the advises from most people - store our coins in hard/cold wallet. 

One of the lucky man. Hacker find your account but failed to steal your money. Some Hackers are very smart and they use linux system for hacking accounts. For this they use malicious or spam files and we click on it cause viral of our information to hacker.
Exchangea are not safe place for token store. Use wallet instead of it.

Every cryptocurrency user needs to be more careful this day because attackers will always come with a different kind of strategy and it better to avoid human error.
The OP issue seems to be an insider man job(someone who know the auth backup code), human error from the OP end whereby the google auth backup is exposed or a problem from Google auth app because some crypto users have also experience the same attack which is the reason why people are advised to use Aegis.

Having said that, I will advise the OP to follow the instruction of not using his exchange email account for any other thing online, save auth backup code offline, set IP restriction and withdraw password etc.

Why were you leaving it in an exchange? When you spend crypto how do you spend it if it is in the exchange. You should know and many people have just posted about it, that is to never keep coins on the exchange.
I really hope you put a link to this post somewhere where many will see it because this is very important. I am glad you got your crypto back shame your heart must be racing. Now you know never to do it again and I hope others will learn from this.

this is very awful , and its good you were able to remove your coins. this attacks could be from some phishing links you might have clicked. an insider wont even need to enter your email to login, however we need to be careful of such exchanges so you need to let us know or hint us.

I do not click on email links.  I always go to the site directly to check if the email message is legit.

I use iPad and iPhone.  They should be safer than Android phones. 

I will repeat what I had mentioned before:
In order to change password, they need 1. a security code sent to my email address and 2. code from Google Authenticator.  The Google Authenticator associated to my account is in an old iPhone which was turned off at the time during the hack.  And I did not even keep its recovery code.

The last email (which I initiated) from them asked me to withdrawal my coins to avoid potential losses.  They told me I cannot trade or exchange, only withdrawal.  I replied to them, but they stopped responding since.  As of today, I still don't know what they meant by "potential losses" and how.



   

It is really better to store your coins in your own wallet. Even if the exchange is a trusted one or top exchange, you have no assurance about the security of your coins. Let us say you are very careful in terms of security of your account, still when your coins are out there, is vulnerable to potential attacks.

Wow, this can be a very rewarding experience and makes us more alert. In fact, when we are careful and try to secure our data, hackers are smarter and they can bypass the security. Really glad that you still can own your assets and move it.

On the other hand, this might be an additional lesson for us at least to check email regularly for emails and notifications from exchanges and monitor them.
Indeed, in this crypto world, nothing is perfect. Of course, there will be a downside and this is what hackers use to steal our assets.

Do you remember something or anyone that saw your Google Authentication recovery key? I've been using it for 6 years and I've not yet experienced nor heard a news that their google auth 2fa was compromised. Nevertheless, this would remind to the members of this forum to take extra caution on their private accounts. Secure them properly and make sure you are the only one that knows it. If possible prevent other people from borrowing your device if you think they are capable of stealing your private accounts.

I don't want to mention the name directly, but it has been mentioned in this thread by others.  You will need to look for it.


I did not keep the recovery key.  At the time of setting it up, I did not even know that we should keep our recovery key. 

Something just clicked.  I am wondering, why did the hacker change the password instead of just transfer the coins out.  Unless they did not really have the code which was sent to my email and the Google Authentication code.  Besides, the phone with Google Authentication installed was not turned on.  Because these codes are also needed to transfer coins each time.

After I pull out my last coin (which is a very small portion relative to the original amount), I will try to contact them using VPN as ask them to investigate.  It is for their own good that they do investigate.  If they don't, it will be their own loss.

for the account problem linked to the email, I think it's difficult to hack because it has to go through verification. and this happens to me when I forget the password on my exchange account, then I have to verify it via email, while my email that I used has been a long time ago and I used a cellphone number that I no longer use, so I can't pass verification. There's about $ 366 in there, can it be saved?

If you are 100% sure that your email/mobile is not compromised, then it is the fault of the exchange. I guess the hacker has made use of some vulnerability within the website, which would allow passwords to be reset even without the email confirmation. Or it can be an inside job (but the chances are even lower). I can see that you have already got the funds moved from the exchange wallet. So it may be good, if you post the details about the exchange. Let them respond to it, and explain how this issue has occurred.

Long time ago I also experienced the same scenario where my account received a request for password reset but good thing is that I haven't made any transactions with the exchange.

I think it's unlikely you'll recover your account but still possible if the exchange is willing to cooperate and if you can show some proof of ownership like signing a message from one of the transactions you used to deposit on your account. I know it's possible for them to disable 2fa but not all of them are willing to do so since it's only inconvenience for them unless there's a fee.

Most of my coins also were already traded because the price has been already increased, there's no sense if I'll still hodl those coins on the highest peak. It's a good welcome for me in the year 2021 so I didn't hesitate to trade my coins and sell all of them since those are potential coins. I won't hodl my coins in any exchange since there are still risks that our account might still get hacked or all of our assets will be gone because of mistakes.

OP isn't yet unlucky as he is in the perfect timing where he Login and read all the notification. Because in some cases, upon Login you will just surprise that the password is already changed. Good thing that there is an email message that saves OP otherwise, he definitely lost all of his assets/coins.

A simple mistake will lead these hackers to take all our coins. This what I worried about before and that it makes me decide not to leave a huge amount of tokens/coins in any exchanger for long days, once deposited I have to trade it ASAP. This is not a practice of many, but what happened to OP will give some hints to the others.

You mean if I mentioned their name in the thread they would respond?  I just added some information to my original thread.  If my email were compromised, why didn't the hack redirect my emails to the junk box so that I won't see them?  Also, how did they by passing my Google Authenticator while the iPhone was turned off and that I had never saved the recovery code (unintentionally) for anyone to recovery it?

By the way, does anyone know how to effectively reach out to them - maybe through FB, Reddit, or other social media sites?

I hope that this happened to you taught you a lesson about centralization. That this centralized exchange even reputable ones, can control our assets in their platform! I mean, I am not generalizing but the fact they it is a website and the custodial liability is in their part, they can do whatever they want. I personally hold certain percentage of my asset and hold it in exchange - for the purpose of day trading, short term trading only. If I decide to hold a token/ coin for a long period of time, I will withdraw that back to my offline wallet. I still have trusted exchanges like Binance but its just that be better than sorry. Government can do anything as long as they want.

Damn, that's quite an experience. Personally I haven't faced such a situation in crypto. I have faced it on Social media though (getting a social media account hacked and then successfully retrieving it back).

There are a few things to talk about here. Reading the comments I got to know that the exchange you are talking about is Binance.
It's a well reputed exchange with a lot of fake phishing websites. May be you clicked some phishing website which you don't even remember.
It happens with the best of us. May be it was an insider job(though the probability is low, it can still happen)
May be someone had access to your devices which were earlier used to login to binance.
May be someone who knows you had planned to hack you

The reason might be anything. Unless you are an active trader it is always advised to store your coins in a custodial wallet rather than an exchange.

It is really good if you are sure with every thing you need on your account and wallet because if the wallet you are using has a good system, you can recover the bitcoin you lost or sent on a wrong address. If you already knew that your email or contact is not on you anymore, you should change it because it might only give you a head ache when you lose all your money suddenly. We should also be careful on typing bitcoin address because it may be the reason why we lose all of our money and we cannot always rely on the features that your wallet has. Even if we have that feature for free, still don't let your guard down because sometimes features like that can have a problem or maintenance. Also the disadvantage of this is anyone who knows your email and password can easily take your money even if you already sent it into another wallet since it is recoverable.

and the error is on the individual each account owner. I still have some coins on the exchange and it's still safe. The most important thing is that you have activated all the recommended security methods such as 2FA security, verification of phone numbers and e-mails. All of this will be very useful for the security of the main exchange account created as a trade. It is true that the risk of being hacked still exists, but we have done our best and remain vigilant. Some of my assets are stored in my personal wallet and it has better security.

You should mention the name of exchange to make others aware of it and don't lose their funds if they have account their.
There is also a possibility that your mentioning your problem here will catch the attention of exchange support and they help you.

That is really iffy and scary at the same time. I also wanted to know why it took you that long of a time to even get back on your precious investments. I know sometimes people go hodl hibernation to relieve them of the worry but it seems as though you forgot you even had them in the first place. Nevertheless I am really glad that you got your coins back, now just be vigilant as hackers are becoming more and more intelligent in taking advantage of unsuspecting investors.

the bypassing of the google authenticator is pretty worrysome

If your coins lose 80% to 90% of their original value, would you want to check your account often?

But how can you keep your asset stored on an exchange and you’re not checking it steady to know what’s up with them? That’s some kind of risk you took there, you really have to be very careful, because exchanges are not really that safe and if you are not careful you can lose your money or they can get hacked and your money is gone. You supposed to be storing in hardware and offline wallets as you’re doing now.

As for the question you asked about  the hacker not moving the funds immediately, I guess maybe he thought he has gotten full access to the account and felt he should keep it for now and withdraw the money later, since prices are going up? I’m just guessing though, but it’s good that you got your money out before stories that touch.

I am relived that you were able to fix the issue on your own. That is a very disturbing experience, what you have experienced there. I am glad that you were able to get all of your cryptos out of that exchange. From the looks of it, somebody is trying to get your coins through illegal means. Only thing I can think of is that it might be a compromised account that was being acessed by someone who know some of your credentials. Of course we cannot say it might be inside job but who knows?

^ I did this before when I was very active in trading back then. I regularly check my balance on the exchange where I left my money as an investment to ensure that there is progress on my investment or something plan how can I recover those losses. Sometimes there are gains but mostly it turns out losses. However, I never withdraw my investment on the exchange if my profit was not there, once I am invested as capital in trading, why not just risk my money for potential ROI. Nevertheless, good to hear about your fund back.

It won’t be because of the price are going up.  Because if they just withdrawal the coins to their account without converting them to fiats, the coins would be as they are. 

It's a good thing that you got your assets back, but be careful next time, there's lot of news nowadays that their wallet is being hacked, the easiest and well-known type of hacking is phishing, many people click some links that can gather all their info, maybe you use your account in online stores since you are in the US, maybe you buy on Amazon and you linked it with your credit card or your PayPal in which you have your full info and that info can be used to open your account. I used google authenticator and sms verification too the phone that I am using doesn't have any apps just email and authenticator for me to prevent hacking.

That is a good idea.  If affordable, use a dedicated phone for Google Authenticator and the email.  The email address should be dedicated for investment accounts only.

I have a sim lock on my phone number so that it cannot be transferred to another devise unless I go to the store in person with valid IDs.

Of course, I agree with you that in most cases it is better not to store your cryptocurrency on exchanges. But let's say, if you are a trader, then it is very stressful, especially when the network is very busy now ...

Dedicated email to register on exchanges right? But still the information can be leaked from exchange or sold by exchange itself since it happened in the past so use email in your primary mobile and the authenticator on separate mobile better consider using Authy which is better than Google Authenticator.

No one is immune from a data leak or breach on an exchange, but the less access to different sites can minimize the credentials  info losses.

I don’t remember if any authenticator beside Google are offered in the exchange.

Google authenticator isn't the only one, there are tons of authenticators available and one of the best is Authy which is available for both Android and IOS which also provides some of the features like desktop version and mobile transfer.

You can choose any authenticator you want, all you need to do is to just scan the codes or enter the provided key to enable 2FA.

The good things is atleast you recovered your assets and you can still trade it in other available exchanges Binance has a well secured parameters to avoid hacking attempts next time if you do not want to ip banned then why not use a vpn a premium one I think this is also use by other US customers as I can read.

Very sad. I suggest you to never put money on small, fake and untrusted exchanges. Only put money in exchange that  has a good reputation in the market such as binance, kucoin, bitmex, houbi etc. Our money stay safe in big exchanges. There are many fake exchanges in the market so we should avoid them.

The exchange he was using was the first one on your list of good reputation exchanges. So the instead of saying trust this or that exchange it should be said to trust no exchange and as soon as you can to get your coins into your custody. Glad that you were able to remedy the situation I'm sure that was a very stressful thing to have happen.

Yes, you are correct on all. 

And it was a very stressful and helpless moment.  At the time when I was trying to get into my account, 4 times had already tried, so only one try away from my account being locked.  And once it is locked I would not be able to get any help because they would not reply to my email nor I can submit a help ticket because US customers are no longer served.  Moreover, even after I successfully reset my password and regained my account, I still need to find solutions to move my coins out.  At that time, I was so stressed out, but I still need to search for solutions and learn how to implement my solutions with different wallets and tools.

Before I figured out where to move most of the coins to, I was also worry that if the exchange would not let me withdraw, if the phone which has the Google Authenticator installed broke for good (since the battery on that phone is bulged), and if the hacker will strike again before I moved my coins out.  I was also racing against time.

Last night I just realized that I could use VPN to set up a new account from the same exchange, move my coins there, immediately convert them to BTC or ETH, and transferred the BTC out to other accounts, ie, a hard wallet.   This would be the easiest way.  Even though doing so may also incur some potential risks.