Be careful with security! I learned my lesson.

[hatshepsut93]

I actually removed my phone number from all my Google accounts, because it seems to be much more of a vulnerability than a security or safety measure these days. It's just ridiculous how easy it is to steal someone's phone number. I use Google 2FA app for all my important accounts, and I hope there's no vulnerabilities in it that can allow attackers to bypass it like the do with phones.

[1714774448]

1714774448

[1714774448]

1714774448

[Steamtyme]

Hey sorry to here. I documented my own recent Fuck up in regards to keeping my coins safe. I wasn't anywhere near the 20K mark, but it stings non the less. Good on you for sharing your info, and moving forward please secure things better. There is tons of information out there on how to keep all of that information as safe as possible, as well as multiple backups you can use. Hopefully you are in a situation where you can rebuild, form here. Don't dwell on it is the best advice I can give, just learn from it.

[tbct_mt2]

So weeks ago I lost over 20k USD in Crypto.

I deeply regret for your big loss.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

Can you tell us where you store your data, please? Did you store them online, on Cloud-storage services, ie.?

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Using throw-away emails for new services when you want to try them.
Using different emails and different passwords for different services.
Don't store all your money on one account, on one service/exchange/ wallet. Decentralize your funds over wallets/services/ exchanges.
Above all, security is most important and "Prevention is always better than cure".

[mk4]

I use Google 2FA app for all my important accounts, and I hope there's no vulnerabilities in it that can allow attackers to bypass it like the do with phones.

Great move from disconnecting your mobile numbers to your Google account. Instead of using Google's 2FA app, you might want to check Aegis authenticator instead though. I made a quick topic about it here: https://bitcointalk.org/index.php?topic=5192978

[cryptoaddictchie]

Is this for real? I'm very sorry to hear that. I just can't believe that this could be possible. How come hackers now can even crack the sim verification on OUR phone well its on our possession unless it got stolen or lost and found by someone who good in hacking.

I appreciate that you share youre experience about that. Many will know that this incident could happened. So I must disconnect all phone attachment on my email just to be safe. I'm disappointed how hackers evolve fast also on doing this kind of stealing.

[acdc]

I am sorry for your loss. We should not rely on a certain type of security, it is best to divide the account into different parts and keep it separate in many places. I never leave the private key and password in one place, the private key and the password are always shared in many places. Besides, the private key of the most wealthy wallet was written down 2 pieces of paper and stored in the most reliable places.

[Findingnemo]

If it is not a case of phishing email than what could be other ways except a known person?

Another way of getting bypass 2FA is SIM swap this will work only is the actual owner of that number lost access to it or lost mobile, so scammer doesn't need physical access to the mobile.

[mk4]

Another way of getting bypass 2FA is SIM swap this will work only is the actual owner of that number lost access to it or lost mobile, so scammer doesn't need physical access to the mobile.

Not actually. It can work even if the owner of the mobile number still has access to his/her mobile number. The hacker can still gain access if the hacker did his/her social engineering well enough to convince the customer service representative of the telecommunications company that the victim is registered on. People are honestly underestimating this attack.

[dewin]

Damn, feel sorry for you. Storing any important data online is very risky. However there are opportunities to recover stolen funds by some companies. The key is to find reliable one like Coinfirm, they handles strictly with reclaiming stolen cryptocurrencies by wallet verification and are working on a new blockchain system for PKO Bank Polski- one of the biggest banks in Eastern Europe.

[Lucius]

It sure is really surprising. Not saying that high rank & early registration date = smart, but you'd really expect a bit more security awareness from someone who's been in the forum for some time already. My guess that in the case of OP, it's more of the "ehh, no ones going to hack me" reasons. Because hot damn storing very very sensitive information on an email account is a very very very novice move.

I don't consider myself to be a great security/crypto expert, but over the years of using the internet/computer and by reading/posting on this forum I have learned a lot of good and useful things, I try to apply them in the best way possible. I'm not surprised when things like this happen to a beginner, but experienced members should not allow themselves something like this.

I always consider myself a potential target, by those I know and by strangers lurking across the internet. They're always looking for ways to get their hands our coins, and those who are not constantly alert will remain short-sleeved sooner or later.

[lobat999]

I actually removed my phone number from all my Google accounts, because it seems to be much more of a vulnerability than a security or safety measure these days. It's just ridiculous how easy it is to steal someone's phone number.

I think this is a good information to boost our security and now I have plans to do the same in the upcoming days since it makes sense that I think it could significantly lessen any attack vector that the attackers would use to do a security breach on our systems.

Instead of using Google's 2FA app, you might want to check Aegis authenticator instead though. I made a quick topic about it here: https://bitcointalk.org/index.php?topic=5192978

Thanks for this tip. I think this app is a great alternative to Google's Authenticator and Authy and I find it having a good balance between security and functionality. Will try this asap.

[fabiola!]

Err. We literally had the past few years flooded with news of funds getting stolen due to carelessness of the holders. Not sure how this is still happening knowing that you're on Bitcointalk, which is pretty up to date with hackings and breaches. A lot of people have been very very very vocal about security.

Oh well, painful mistake for you I guess. Look at the bright side. While 20k is a good amount of money, better learn a hard lesson losing the $20k rather than learning your lesson when you already have like $100k+ or more. Best of luck moving forward.

i have seen many threads about hacking and precaution stuff  , 20 k is lot of money and pains to be losing
spending some money and buying a hardware wallet is better then losing money and regret after , i have separate notebook to have all private keys written

i would say you lost a lot of money to learn this lesson

[agentx44]

So weeks ago I lost over 20k USD in Crypto.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Again be very careful with security, If you keep anything online then you're putting yourself at risk.

It should be one of your main priority as you enter investment in crypto. All of the things you are working hard for will go to waste if you are going to be careless with your security. There are a lot of stories here already narrating how they ended up loosing all the money they have as they avoided paying attention on the safety of their keys. If you know you are having a hard time on being a responsible investor, you should avoid storing large amount of money in your hardware wallet to avoid massive loss of money and regrets.

[mk4]

i have seen many threads about hacking and precaution stuff  , 20 k is lot of money and pains to be losing
spending some money and buying a hardware wallet is better then losing money and regret after , i have separate notebook to have all private keys written

i would say you lost a lot of money to learn this lesson

In OP's case, it really doesn't matter what wallet he's using. Even if OP's using the most ultra securest hardware wallet in the history of mankind, it still wouldn't really matter if the mnemonic seed was written down or stored somewhere not-so-secure and easily-accessible-for-hackers as an email account.

[Magkirap]

i have seen many threads about hacking and precaution stuff  , 20 k is lot of money and pains to be losing
spending some money and buying a hardware wallet is better then losing money and regret after , i have separate notebook to have all private keys written

i would say you lost a lot of money to learn this lesson

In OP's case, it really doesn't matter what wallet he's using. Even if OP's using the most ultra securest hardware wallet in the history of mankind, it still wouldn't really matter if the mnemonic seed was written down or stored somewhere not-so-secure and easily-accessible-for-hackers as an email account.

When we are online we should always keep in mind that we are public and we are connected to every people around the world so every information we have stored online isn't 100% safe so it is really true that no matter how secured your wallet is if the key into it is stored and placed somewhere isn't secured then your like giving away money to hackers.

[BitcoinsGreat]

So weeks ago I lost over 20k USD in Crypto.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Again be very careful with security, If you keep anything online then you're putting yourself at risk.

Even with the 2fa SMS or Google Authentication, you need to enforce some of your own precautionary measures.

1- Keep a separate email for exchanges / online crypto wallets and never display that email on social media etc so no one will know that email belongs to a person who holds the crypto.

2- Writing down secret keys on a paper is also risky, even if you do ,then make them duplicate and also do not write the code in a sequence.

3- Keep the backup codes for 2fa in a separate place because you do not want yourself to be locked out if you ever lost your 2fa device.

[Hellkas]

Really sad story and I hope that it wasn`t your last money. I have similar case when I was keeping my private key in Word file (yeah, I`m fool) and then someone hacked my computer, because I downloaded untrusted app. Fortunately, I didn`t keep a lot of money on that wallet and I lost not much money, but since that I`ve been keeping everything on paper in secret place)

I suppose that many newbies are careless so we need to make treads like this to teach them how to keep money safely

[Velkro]

Don't use sim verification ever it's pointless there are multiple ways to break it.

I wouldn't advise that. I would advise to use all security possibilities there is. If SMS verification can be "hacked", so be it, but its a one more barrier that must be defeated before your funds will be endangered.
Many times news writers give some of defenses to public knowledge to let hackers try other defenses of theirs. Always they end up with many problems/got hacked coz they wanted it, lowered defenses on purpose.

[nutella_11]

Great tips and thank you for that. I totally agree that storing your funds in the hardware wallet is the best way. Cold storage only. Moreover, it's good to take care which cryptocurrency exchange do you use and how safe it is. Use only a reliable ones, like for example Kraken, CoinDeal or KuCoin.

[Kprawn]

So weeks ago I lost over 20k USD in Crypto.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Again be very careful with security, If you keep anything online then you're putting yourself at risk.

You already made one mistake by storing your Crypto information online and you are about to make a second mistake by following your own

advice, namely : "Write down on paper secret codes & keys." Just remember one thing, paper is a very vulnerable material and it can get damaged

by water, direct sunlight and even someone cleaning the house and throwing it away by accident. If you have to write or print it, make sure you

laminate it and store it away from direct sunlight. Also make sure you have duplicate copies and it is stored in 2 or more separate locations for

some redundancy. <Your house might burn down>