Bitcoin Forum

Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.

Don't know how hackers hack man but I would guess they somehow got hold of the 2fa key which enabled them to make codes. I wouldn't be surprised if it was an inside job.

My LocalBitcoin account got hacked with 2FA enabled and
their staff didnt help me recover or refund anything.  Its
not impossible to get around I guess.

May be you should think about people having access to your 2FA device?
Otherwise, assuming everything is OK with the website where your account was hacked, it must be a trojan on your computer, from which you enabled 2FA. They only need a screenshot of the secret code either in form of a QR code or in text form.

Where you keep your private key for 2FA?
What device you use to generate the 2FA - is that virus free too?
Were your computer and 2FA device virus free when you enabled 2FA?

These are some problems to think about. If all this don't lead to a possible backdoor, then the only solution remaining would be a fraud from the website where you had the money.

never ever keep your GA at your computer too, there is a lot malware that enable a hacker to access our computer, id suggest to put it somewhere else, and btw some malware isnt really detected by antivirus

My private key would be on my Android phone.  The phone is running AOSP and there are just but a few games on there and some Apps I use for day to day.  I don't really see my phone getting infected.
My computer was virus free.  I really can't see myself getting a virus and I do not install malware on my computer.

I don't think I'll trust havelock anymore.  They stopped replying to my E-mails, so I don't think they have any plans of returning my coins.

You need to ask Havelock. Was 2FA disabled? When was your account accessed, and was 2FA code entered?

lets wait til they are done with maintenance to see whats up. this is not good, it needs to be address and dealt with if its on their end. but it could be ur phone as well.  i bought a second  phone just for 2fa , i cut the interweb off and never download any apps. if my act were to be "hacked"  i know its an inside job. its a good investment for ur  investments if ur a heavy investor. anyhow, it will be good for all of us if we figure out if it was ur end or them

Did you do a backup of the initial QRC code?  I always do a backup then PGP encrypt that backup image.  I suppose, if that image was not encrypted then it could've been recovered somehow.

More likely, sounds like an inside job as suggested previously.

I mean, I have other bitcoin accounts.  I have other coins in multiple places.  2FA being on my phone of course.  All those coins are safe and have always been safe.  I don't see why my havelock just happens to get hacked when all my other accounts are just fine.