Show Posts
My CEX account has been hacked like a baby and all the coins withdrawn. And of course, I was to blame by CEX for everything that went wrong.
It looks like someone accessed my email password and using it logged into CEX account - transfered all the coins into BC and withdrew into a BC wallet. Gone just like that! Moreover, thehackers have cancelled 2FA, and all the notifications about activities went only per email - directly into the hands of happy hackers that were waiting for them to delete instantly before I see something is going on.
If only CEX had an SMS notification that major security changes are being done to my account (like cancelling 2FA!!!!!!!), I had a chance to react. But not with CEX!!!
The hotline only appologized and said that they see activity done by a secret IP, but all the coins that were withdrawn are irreversibly lost. Of course, they said, I can file a report with the police, and only after than they will actually investigate it properly. What the hell. The coins are gone forever and they do not plan to reimburse anything. And of course, I was given to understand that it was my responsibility to keep my password private - as if I am walking around and sharing it in a bup with strangers, knowing I have all of my investments tied up to it. What the hell.
So, I highly recomment NOT YO TRADE on CEX. If only someone gets access to your email password, which happens super easy if a professional hacker gets after you, you will lose everything you have on CEX before you know. CEX HAS NO extra security features to prevent fraudulent activities in case your email password is stolen. Come and get it! Door is open.
It is really annoying, because even with social networks where I do not store a penny or any credt card into, if only their system detects unknown or unfamiliar IP or new location, I get notified like hell through SMS, my account is blocked until I provide extra security code....but not with CEX! Come and take it!! And all you get from CEX - formal appologies for inconvenience and a reco to go to your local police. INCREDIBLY POOR CRISIS MANAGEMENT!
I will share this story on every single forum, because people have no clue about teh huge danger their money is in because CEX has such a HUUUUUGE gap AND does not feel responsible in from of victims at all other than sharing appoligies!!! Thanks a lot, but save the formalities.
It looks like someone accessed my email password and using it logged into CEX account - transfered all the coins into BC and withdrew into a BC wallet. Gone just like that! Moreover, thehackers have cancelled 2FA, and all the notifications about activities went only per email - directly into the hands of happy hackers that were waiting for them to delete instantly before I see something is going on.
If only CEX had an SMS notification that major security changes are being done to my account (like cancelling 2FA!!!!!!!), I had a chance to react. But not with CEX!!!
The hotline only appologized and said that they see activity done by a secret IP, but all the coins that were withdrawn are irreversibly lost. Of course, they said, I can file a report with the police, and only after than they will actually investigate it properly. What the hell. The coins are gone forever and they do not plan to reimburse anything. And of course, I was given to understand that it was my responsibility to keep my password private - as if I am walking around and sharing it in a bup with strangers, knowing I have all of my investments tied up to it. What the hell.
So, I highly recomment NOT YO TRADE on CEX. If only someone gets access to your email password, which happens super easy if a professional hacker gets after you, you will lose everything you have on CEX before you know. CEX HAS NO extra security features to prevent fraudulent activities in case your email password is stolen. Come and get it! Door is open.
It is really annoying, because even with social networks where I do not store a penny or any credt card into, if only their system detects unknown or unfamiliar IP or new location, I get notified like hell through SMS, my account is blocked until I provide extra security code....but not with CEX! Come and take it!! And all you get from CEX - formal appologies for inconvenience and a reco to go to your local police. INCREDIBLY POOR CRISIS MANAGEMENT!
I will share this story on every single forum, because people have no clue about teh huge danger their money is in because CEX has such a HUUUUUGE gap AND does not feel responsible in from of victims at all other than sharing appoligies!!! Thanks a lot, but save the formalities.
Dear coin88888888,
Thank you for sharing your experience and for bringing our attention to your case.
We truly understand the meaning of security and we offer all necessary measures for users to protect their accounts. Accounts are protected not only by email\password combination but also by two-factor authentication.
Additionally, email notification informs a user about any important activity on the account. In some specific cases, confirmations to emails are necessary in order to complete transactions.
Unfortunately, if user became a victim of phishing, it would make an account highly vulnerable for any kind of fraudulent activity.
CEX.IO is not responsible for a personal email account breach.
We cannot leave your case aside, so we kindly ask you to provide us with your ticket number or to submit a complaint using the following web form:
https://support.cex.io/hc/en-us/requests/new
This will allow us to investigate your situation more precisely.
Looking forward to hearing from you soon.
I reported the case that same very day. Do you think I would come and talk about it on the forum if I didnt speak to the hotline and didnt get dissapointed with what the hotline told me? Come on.
I fully understand CEX is not responsible for my email account breach, but I cannot understand how CEX made it possible for the hackers to cancell the two-factor authentification without even notifying the account holder per SMS about majour security changes taking place on his account, while he or she is probably away. If CEX is so fully dependent on security of client's email accounts, how come it even offered 2FA to begin with? Because CEX assumed emails are not enough. However, it made it very easy for email hackers to cancell the 2FA. A single SMS to the account holder about security changes could have prevented these kind of frauds. That is why I am so frustrated at CEX - not that the funds were stolen, but that they were stolen so damn easily and unreasonably.
Thousands and thousands of email accounts are hacked everyday, but I never heard victims complaining that their bank accounts were drained next day only because their email passwords were hacked. This is happening because the banks always assume that the email accounts could be broken into and they always use 2FAs even to remove a 2FA. But CEX screwd it and instead of admitting it's own security gap, keeps blaming the victims for CEX's security neglect.
And this is why we come and complain on forums because we hit a totally deaf ear. My experience - CEX is not concerned about client's fund security as much as own short-term profits.
P.S. I haven't received a single update on the course of investigation either, while it has been 3 months already. I can imagine why. Why make your own security flaws so obvious and why take a shared responsibility for it.
