That's why I like triple authentication, and even more measures for withdrawals.
Well except I need to get some corn from Poloniex and they can't match my face with my passport, I need to get a haircut I guess.
Sometimes it can be unclear what kinds of shenanigans can be done, even without withdrawal permissions for example.
I recall in early 2017 when my phone was sim swapped, and sure there were other factors besides just the sim swapping, but one thing led to another and various accounts compromised including e-mails and surely the target was bitcoin or any other shitcoins that might have been present (I don't recall having any shitcoins at that time). One of the exchanges that they had gotten access was called BTC-e - and they had a policy of freezing withdrawals for 2 days after any password changes, so the hacker that got into my BTC-e account could not withdraw but they could trade, so pretty much what they did was that they maximized the purchase of an illiquid shitcoin called Novocoin (or something like that), and then they used all of the dollars on the account and all of the BTC to buy Novocoin.. and they dumped all of the Novocoin that they had purchased all at once and then they rebought at some point after the dump, and they did that several times for about 1 hour and 20 minutes, and then my account got locked so they were no longer able to engage in that trading. The account went down about 1/4 in value during that time. They traded the account to lose 3/4 of its value in about 1 hour and 20 minutes. I imagine that they somehow profited by being on the opposite side of those trades... so they moved the price of that illiquid shitcoin called Novocoin.
On my Coinbase account, they withdrew from one side of it and they seemed to have overlooked the other side (the coinbase pro side). So they withdrew all of the bitcoin, which would have ONLY been about 1/3 of the total value of the account.. and so thereafter, there were several attempts to get back into that coinbase account.. and also to use other little tricks with one of my e-mail accounts. that they continued to breach. Coinbase had actually helped me to migrate that value into another account, and then 6-9months later Coinbased forced me to close my account (whether related or not, who knows? they did not exactly give me any reasons why they forced me to close that account.. those fucks.)
Since I am on a roll, I may as well tell about a few other accounts that were compromised. My Bitstamp account sent me an e-mail that said that my password had been changed and if it was not me, then I should click on the button.. which I did.. and supposedly the account was locked.. but the funds were gone when I got access to the account.. they did not even take 15 minutes to drain the account... My Gemini account did not get lose any funds, but it took me a couple of months (maybe even 3 months of uncertainty) to regain access, so I was sure that there was not going to be any value in that account when I got access to the account back. My Bitfinex account did not lose funds either.... I had a few other accounts that lost funds, and I am not going to disclose more specifics on those... so yeah, it can be quite stressful and frustrating to go through a sim swap situation and quite a bit that can be done with a short time of access to accounts and then even some difficulties to get them out when they have embedded themselves into your identity...maybe there have been some improvements in the past 4-5 years - even though I heard that sim swaps had continued to be a pretty BIG problem.. and likely a quite lucrative business for those with hacking skills..
Regarding extra measures of course the hackers are likely to go for the easiest targets first so various extra measures can be enough to put enough roadblocks to make it quite a bit harder to break into the account rather than the accounts that might have very few security measures, but if they can confirm a kind of high value in a particular account location, there may well be extra incentives to spend more efforts on breaking into that particular account.. so for example, even once I had gotten my coinbase account back, there were frequent efforts for some hacker(s) to continue to try to get into that account, and likely the reason related to already having information about value having had been in that account..so there was likely some consideration that it was a potentially worthy target.
So they have the phone number
they may have hoped a simple 2fa text would have given them full access to the coins and cash at coinbase. And switching the email. But with my security settings not being 2fa linked to the cell associated with coinbase it was a no go.
So don't use 2fa.
Thank god as I had BTC and $$$ to hurt
I don't know if the take away should be to NOT use 2fa.. because if you do not have 2fa set up, then the hacker(s) might be able to set 2fa up in your name, and then it could take longer for you to regain access to the account or the hacker(s) might be able to withdraw easier once they set up 2fa in your name...
That also reminds me of some kind of rule that exists in the USA.. I am not sure if it still exists, but one of the frustrations of the phone companies was that if someone comes to the phone company with a phone number and an account number they have to allow them to port the phone.. .. and sometimes they can get the account number that is associated with that phone by getting into the online account.. or they might get it through the e-mail that might have the phone account number if some statement might come by e-mail or through text...so sometimes there can be some additional measures that can be taken to protect the account number, even if the phone number is known but they do not know the account number...sometimes there can be some other ways to protect that account number too.. for example if the account number might be in another person's name... We can infer that hackers spend a lot of times on various kinds of work arounds, especially once they have some information about you, then they can find out other information, and if they have a few pieces to a puzzle, then they can perhaps use those pieces to get other pieces before they even employ the BIGGER attack.. .. such as attacking an account with value and for sure any kind of bitcoin or crypto would be valuable to the extent that there might be some irreversibility once the transaction is sent... so they can work pretty fast once they actually get into an account that holds bitcoin or crypto value.. dollars would not be valuable except that they would trade them into whatever coin they are using to withdraw as quickly as they can before they get locked out.
Poll
