0.6495 BTC ($ 15,000) was stolen from me on Binance

[anjdele]

On the night of 12/14/20, all my placed orders were sold at the market price and transferred to someone's bitcoin address. 12gV8aiTrtLPnvC15xsoq3pwPmWBye4GFn

I use google authenticator.
Also, I have not received an email confirmation of the transfer of the stolen funds.
I do not use any trading robots.

Binance support team communicates very reluctantly and in a pattern like a robot. The only thing they advised me was to contact the police. Since I don't have personal verification, this doesn't make sense. I don't have a KYC and I think this is the whole reason for stealing my coins.

Anyone who does not have KYC and holds a large amount on the exchange will definitely lose their entire deposit. It's just a matter of time.

Take care of yourself.

https://i.ibb.co/Xx85zBb/Binance.png

[1714117106]

1714117106

[1714117106]

1714117106

[1714117106]

1714117106

[1714117106]

1714117106

[1714117106]

1714117106

[dkbit98]

Someone probably hacked your account or you leaked your login details email and password, and I think you didn't use 2FA on your profile as last line of defense.
With proper 2FA (not sms) this would be very hard to accomplish for anyone, but using any centralized exchange is always a risk.

[suchmoon]

Someone probably hacked your account or you leaked your login details email and password, and I think you didn't use 2FA on your profile as last line of defense.
With proper 2FA (not sms) this would be very hard to accomplish for anyone, but using any centralized exchange is always a risk.

OP said they use google authenticator, which is "proper 2FA".

It feels like there is some piece of this story missing. No e-mail confirmation... bypassed 2FA... Binance is quite shitty these days but not that shitty.

[anjdele]

Someone probably hacked your account or you leaked your login details email and password, and I think you didn't use 2FA on your profile as last line of defense.
With proper 2FA (not sms) this would be very hard to accomplish for anyone, but using any centralized exchange is always a risk.

You read my message very badly. I always use 2FA and I have never used SMS.

[Darker45]

This sounds creepy.

Was there anybody who made access to your PC or laptop recently? Or perhaps was there any instance you provided your Binance or email data to anybody? Anybody could delete confirmation emails to make it look like it didn't happen.

But, regardless, I'm bothered how something like this happens, possibly surpassing KYC and email confirmation. I doubt it is Binance itself which stole your BTC, though.

The sad thing about this is that Binance is probably not going to start an investigation over 0.6495 BTC. Why don't you reach out to them through another access point? Who knows, someone might provide you a different response other than reporting to the police?

[suchmoon]

Was there anybody who made access to your PC or laptop recently?

Or more likely - phone (because 2FA).

[2xHR]

Your phone has a malware because Binance always send an email to confirm a withdraw, it's automatic. it means the guy had access to your email account which I'm pretty sure is gmail and I guess you also read your emails directly on your phone so did the robber and the email has been deleted. Same for 2FA. (If you use gmail you can ask the google support to recover deleted emails maybe and you'll see all of this if they allow you to recover them)

Next time when you use 2FA, use a special device that is never connected to the internet except to synchrony the clock sometimes.

Good luck.

[NeuroticFish]

OP, I'd say that possibly your mail account got hacked and maybe you got the mail, but maybe it was deleted.
Also, do you keep any backups of your 2FA seeds? And if so, where? (i.e., is it online/computer/cloud/mail, or is it on paper?)

Until now the hacked phone sounds most plausible. Is it also rooted by chance?

[Lucius]

The OP also shared its story on Binance Reddit, and there got an answer about what actually happened. Lest anyone think that I am defending Binance in any way, but in most cases such hacks happen mostly due to user errors - and this seems to be the case here as well. The whole case comes down to the OP email being compromised, and in the case of 2FA it is also possible that the device is infected in some way, or that the OP has stored the 2FA recovery key in digital form without any protection.

symbiotic_bnb
Score hidden 23 hours ago Stickied comment · edited 23 hours ago

Certainly an unfortunate situation. However, although it may make you feel better, coming to social media and misleading others will not magically bring your money back.

Not only did we send you e-mails for the withdrawal confirmations, but we sent you an e-mail alerting you to a login from a new IP address, as well as an e-mail confirmation for the new device. The reason you think you didn't receive these e-mails is simple: the attacker has access to your e-mail account, although you seem not to realize it yet. They can set filters to immediately delete our e-mails (to hide them from you) or forward them to other e-mail addresses.

Furthermore, for your 2FA to have been "bypassed," either a device of yours with the 2FA app was compromised, or you stored your recovery key digitally and the attacker was able to access it. You would not be the first to store the recovery key in your e-mail account.

Whether or not you have completed KYC should have little bearing on pursuing this case with law enforcement, and if you are unwilling to pursue the case with the relevant authorities, it is unlikely you will see the funds again. Binance cannot compensate you for your own security issues, but we will be happy to assist law enforcement with their investigation by providing data associated with your attacker.

Edit: As a courtesy, I took a quick look at the fund flows. It appears that all of the funds were sent to the Kucoin user with deposit address bc1qax5zvfqh0gexl09n0tjet33c9xhckgrntgru7v.

[bL4nkcode]

The OP also shared its story on Binance Reddit, and there got an answer about what actually happened. Lest anyone think that I am defending Binance in any way, but in most cases such hacks happen mostly due to user errors - and this seems to be the case here as well. The whole case comes down to the OP email being compromised, and in the case of 2FA it is also possible that the device is infected in some way, or that the OP has stored the 2FA recovery key in digital form without any protection.

This amount of money is life-changing to anyone. And assuming this money came from hard work in rl jobs, this is so frustrating.

This should serve as a lesson whether you use a non-custodial wallet or an exchange. 2fa recovery keys should be treated as important as your crypto recovery seeds and private keys especially if this 2fa recovery key is for exchange or custodial wallet.

[The Cryptovator]

It's quite surprising, bypassing email verification and Google 2FA is not an easy task ever. It's only possible by compromise your device, or as mentioned by other users, saving the 2FA key into the mail. I don't think Binane will cheat for such an amount. I am not defending Binance but never heard Binance cheat someone this way. The attacker got both access, email, and 2FA key.

Sorry for your loss, the amount is quite bigger.

[as.exchange]

With the use of the same IP (and location) Binance and other common exchanges would soften the typical login authentication requirements and checks. However, if you use 2FA, it still would be used even if you use the same computer and if you LOGGED OUT from your account before closing your session. If you didn't log out, someone could do that having remote access to your computer. Moreover, if someone somehow really didn't have remote access to your device, 2FA still can be bypassed (check Google - there's plenty info on that, and on darknet even more).

Despite all above, you still must call police and file a case (even if you didn't have KYC, etc.) Yes, they will be lazy and sloppy but if you push hard - you have chances to win the case, and let them do their job (they get paid for that). In some countries if the amount is big enough (like in China) police cannot help, but only the court. And court can help also actually as with the cases in China (where trading in crypto is illegal, and Bitcoin doesn't have a status of money or asset), courts did help to some people to get back their crypto-funds which got stolen.

That's really horrible story, and in any case you shouldn't get depressed over it - whatever happens is always for the best (even if it seams horrible now) - you will learn lessons and might get better opportunities or meet very useful people who might change your life, because of all these events; you should act and fight for your own money, and never give up!

[Lucius]

I’ll never say that crypto-exchanges don’t make sense because of course that’s not true, but if you’re not an active daily trader then it really doesn’t make sense to keep that amount in your account, even if we think something like 2FA protects us. Unfortunately, most users are pretty unaware that there is a way to get around any protection, and hackers are getting smarter day by day - why engage in physical robbery when you can steal something online and if you have a little brain you will never be found.

Yet even though online wallets are the biggest risk, even if the OP had its BTC in some desktop/mobile wallet it could fall victim to fake wallets or clipboard malware. Either be one step ahead of the hackers or you will become a victim, it is only a matter of time.