Set your exchange in password or biometric before withdraw.

[Odogwu-Blockchain]

It's been long I withdrew from Binance and kucoin, but what I know is that, Binance allows the these three verification before withdrawals, email code, 2fa and withdrawal password if I can remember well. This victim had everything logged in on his device and that the scammers knew it already.

The scammer isn't far away from the owner but a close friend or relatives who knows much about his Binance or kucoin details.

[The Cryptovator]

I am finding it hard to understand how your friend's phone was stolen. Even the phone lock wasn't active? I don't think any crypto users haven't been using screen lock. Also the screen lock won't break in a sec; it would take time, and the owner would change the exchange password through some other mobile phone to protect his funds. I know it's important to set up an extra layer of security for your exchange account. But the story you wrote here looks like a weak script. But I agree users should use an extra layer of security.

When I lost my phone, first of all, I reset my email password through another mobile. Then reset all the exchange and other financial apps' passwords. But yes, I had added extra layers of security like passcode and fingerprint as well. And everything I restore on my new device later. Also, we can whitelist the address where extra layer security isn't necessary, so the thief will not be able to move funds without a whitelist address. Definitely it's better to store two-factor authentication apps on different phones if possible. So you will be safe even if you lose a phone. But remember, you must always use screen lock and have to reset everything through another device to protect funds in case of lost phone.

[TastyChillySauce00]

I only use one Android device for trading and storing my savings, even if it's only a small amount. I'm very worried that combining a phone for one purpose calling, social media chatting, and browsing would be careless and could allow someone with malicious intent to break into my exchange account. So, for security reasons, I decided to use an one Android phone to access Binance. I also added the Google Authenticator feature for all my logins and transactions on Binance. I think it's very dangerous to use one phone for every need. Adding additional features like biometric passwords is mandatory as a form of vigilance against any potential cryptocurrency transactions.

If I were using android phone I'd worry more about the manufacturer inserting bloatware and potentially malicious software, I'd be using yubikey for 2fa honestly. Your idea about separation of concern is actually good.

One phone for banking related stuff, other for entertainment. It's the best combo. I also do the same.

[Oneandpure]

If I were using android phone I'd worry more about the manufacturer inserting bloatware and potentially malicious software, I'd be using yubikey for 2fa honestly. Your idea about separation of concern is actually good.

One phone for banking related stuff, other for entertainment. It's the best combo. I also do the same.

Its excellent ideas one phone for mobile banking and all exchange account and another phone using for entertainment until for us working at online, not matter how many app installing and sent a lot of fake email still not make our mobile banking and all exchange data loss because separation device make more secure. Losing phone nowadays many people have smart and know well with cryptocurrency not difficult to stole our bitcoin fund.

So if you have two mobile phone use one only for banking and installing all exchange app require for trading, its make us not worry when watching movies and enjoying entertainment due many fake link sent to us but our mobile phone without any important data save there. But for exchange account have completed all securing way like 2FA, biometric and set up email OTP for withdrawing fund in exchange account.

[Achalugo BTC]

The very first mistake your friend made was to install the authenticator app on the same device with his crypto exchange. He should have installed the authenticator app on a different device for security purpose. And again, how did the person who stoled your friends phone unlocked the phone? Or was the device not locked before the person stole it? However, even though you used biometric to lock your CEX exchange, you can still hack to it so long as they have access to the email. This is why it is important not to install crypto wallet in the same phone we use. Because if a smart person with bad intentions have access to it they can wreck your crypto wallet ASAP.

I totally agreed with you, it's not really advisable for one to have 2FA and exchange on the same phone, it should be on different devices just as you said earlier, because it reduces the risk if it's being snatched.
And the way scammers are growing in knowledge of learning new techniques of hacking and scamming people everyday also needs us to be very careful, do the necessary adjustments and ask questions in areas one don't understand in order to be at a safer side.

[hafiztalha]

The very first mistake your friend made was to install the authenticator app on the same device with his crypto exchange. He should have installed the authenticator app on a different device for security purpose. And again, how did the person who stoled your friends phone unlocked the phone? Or was the device not locked before the person stole it? However, even though you used biometric to lock your CEX exchange, you can still hack to it so long as they have access to the email. This is why it is important not to install crypto wallet in the same phone we use. Because if a smart person with bad intentions have access to it they can wreck your crypto wallet ASAP.

I totally agreed with you, it's not really advisable for one to have 2FA and exchange on the same phone, it should be on different devices just as you said earlier, because it reduces the risk if it's being snatched.
And the way scammers are growing in knowledge of learning new techniques of hacking and scamming people everyday also needs us to be very careful, do the necessary adjustments and ask questions in areas one don't understand in order to be at a safer side.

Many people are not using strong passwords to withdraw their money and this is not good thing and biometric security depend on device and exchange but 2fa is widely recommended. There are many authenticator apps which could be used for that purpose and hackers usually target individual user account not entire exchange. So people should make more security as they can because of they will make their security strong and will not give any detail to his friend then they will not be able to withdraw your money and you will be safe because strong security help prevent unauthorized withdrawals regardless of whether hacker admit qttack or not . Keeping funds safe is responsibility of each trader . People are making the traders and they are earning and  they want to flex with other people.

[Cyber_warrior]

There's something that happened yesterday which is making me to create this thread a friend of mine who is a crypto trader, he usually use binance and kucoin for his trading and we all know when it comes to withdrawing your funds in this exchanges you can set it using authentication code, email, password or biometric but you can still set it in a way you can use only the authentication code to withdraw and the authentication app is usually on the phone or system.
Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

Sorry for the loss, but if I can remember so well, you will need at least two verification before you will be able to withdraw from KuCoin. Firstly you will be needing your trading password, and your google authenticator, or OTP will be sent to your mail, so if the person can access the google authenticator since it’s on the phone, how did the person access the trading password? Or is it written on somewhere on the phone?

I don’t know what Binance do request for before you will be able to make withdrawal because I do make use of facial identification, but if you are not using that, I don’t really know what they will be requesting for before you will be able to make withdrawal.

The person that stole your friend’s phone, how did the person get to know your friend’s phone password, or is it that your friend didn’t protect his phone with any password? But I know most people do lock their phones.

[iBaba]

It's been long I withdrew from Binance and kucoin, but what I know is that, Binance allows the these three verification before withdrawals, email code, 2fa and withdrawal password if I can remember well. This victim had everything logged in on his device and that the scammers knew it already.

The scammer isn't far away from the owner but a close friend or relatives who knows much about his Binance or kucoin details.

I want to believe most of the cases like this are as a result of what you said. The scammer is someone close to the victim and that’s why he could break all the security protocols that are used for the account then get access to withdrawals. Binance has a passkey option still backed by a 2 factor authentication generated from an authentication app, you cannot completely login or even withdraw funds from the account without undergoing these security checks yet someone would say he was scammed by bridging those steps, I used to wonder how I'd not someone that’s close to you?

[Achalugo BTC]

Many people are not using strong passwords to withdraw their money and this is not good thing and biometric security depend on device and exchange but 2fa is widely recommended. There are many authenticator apps which could be used for that purpose and hackers usually target individual user account not entire exchange. So people should make more security as they can because of they will make their security strong and will not give any detail to his friend then they will not be able to withdraw your money and you will be safe because strong security help prevent unauthorized withdrawals regardless of whether hacker admit qttack or not . Keeping funds safe is responsibility of each trader . People are making the traders and they are earning and  they want to flex with other people.

Exactly, keeping funds safe is very important because one won't be afraid of losing their funds into the hands of the hackers.
That is why its essential for people to use a very strong password that will keep their funds safe and away from hackers, which is important that they should also ask questions in things they are not familiar with , which will help them in actualized their goals but can only be done if they apply their wisdom and understanding to it, which can help by motivating.

[Dynamite++]

There's something that happened yesterday which is making me to create this thread a friend of mine who is a crypto trader, he usually use binance and kucoin for his trading and we all know when it comes to withdrawing your funds in this exchanges you can set it using authentication code, email, password or biometric but you can still set it in a way you can use only the authentication code to withdraw and the authentication app is usually on the phone or system.
Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

alright thanks for this thread, cause I too currently am only using authentication code, no password or biometrics verification. I would change my right away, and once again thanks for this thread you just save people who would have fall to the same fate as your friend.

[Strongkored]

Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

I only have one exchange app, and it doesn't automatically log in. I still have to enter a password or use my fingerprint if I've already done biometrics.
So I'm confused by this story. How did the thief get into your friend's account? Also, I think if he stole it, his first target would be a bank account, not a crypto exchange account, because stealing from a bank account is easier than crypto, even if your friend reports it to the bank, it is unlikely that the bank will investigate this case and transfer the funds that have been transferred to the thief's account, unlike crypto where the thief must understand crypto
But whatever the case, I hope your friend didn't leave a lot of funds on the exchange, and this serves as a warning not to store your coins on exchanges.

[DanWalker]

Sorry for the loss, but if I can remember so well, you will need at least two verification before you will be able to withdraw from KuCoin. Firstly you will be needing your trading password, and your google authenticator, or OTP will be sent to your mail, so if the person can access the google authenticator since it’s on the phone, how did the person access the trading password? Or is it written on somewhere on the phone?

I don’t know what Binance do request for before you will be able to make withdrawal because I do make use of facial identification, but if you are not using that, I don’t really know what they will be requesting for before you will be able to make withdrawal.

As far as I remember, Binance does not have trading password like Kucoin or Gate. Instead, each time you withdraw money, they will ask for verification using an OTP code from a two factor authentication and email, or simply by using facial identification

Besides, I guess he might have saved his password and important information on his phone using password management app. Therefore, once a thief can unlock the phone, they can easily obtain all the necessary information

The person that stole your friend’s phone, how did the person get to know your friend’s phone password, or is it that your friend didn’t protect his phone with any password? But I know most people do lock their phones.

As some members have pointed out, it is very likely someone close to him. Only they knew his phone password and other information so clearly.

[Roseline492]

Its excellent ideas one phone for mobile banking and all exchange account and another phone using for entertainment until for us working at online, not matter how many app installing and sent a lot of fake email still not make our mobile banking and all exchange data loss because separation device make more secure. Losing phone nowadays many people have smart and know well with cryptocurrency not difficult to stole our bitcoin fund.

So if you have two mobile phone use one only for banking and installing all exchange app require for trading, its make us not worry when watching movies and enjoying entertainment due many fake link sent to us but our mobile phone without any important data save there. But for exchange account have completed all securing way like 2FA, biometric and set up email OTP for withdrawing fund in exchange account.

Buying different phones will be difficult for most people because they believe one can do everything and security any asset they have. Phones is electronics and apart from being on it also needs to be use all the time than just buying to keep it somewhere, having different phones doesn't chase away scammers even if your email is not on that phone but so long as the email is connected with your account it doesn't matter which phone is log in with it, you could still see the same problem you might have seen while using one phone but however different phones only give you freedom of negative assumptions if is in possession of another person since is not were your Bitcoin is.

[Bobrox]

Sorry for the loss, but if I can remember so well, you will need at least two verification before you will be able to withdraw from KuCoin. Firstly you will be needing your trading password, and your google authenticator, or OTP will be sent to your mail, so if the person can access the google authenticator since it’s on the phone, how did the person access the trading password? Or is it written on somewhere on the phone?

I don’t know what Binance do request for before you will be able to make withdrawal because I do make use of facial identification, but if you are not using that, I don’t really know what they will be requesting for before you will be able to make withdrawal.

The person that stole your friend’s phone, how did the person get to know your friend’s phone password, or is it that your friend didn’t protect his phone with any password? But I know most people do lock their phones.

Kucoin exchange market have unique feature when trading we must set up PIN firstly and not allow with other exchange market, but for withdrawal fund keep needed email verification code and using 2FA already linked to exchange account. Right now many exchange have additional security if the scammer change the password account will be freeze for withdrawing until 24 hours later and its good feature if some one get hack with their account.
If some one loss mobile phone actually the exchange account keep appear if login trough APP, I used Binance APP and account keep existing for long term and linked 2FA, email at the same mobile phone easily for some one withdrawing your fund if not set up biometric or using PIN code to withdraw fund at exchange account.

[dunfida]

Sorry for the loss, but if I can remember so well, you will need at least two verification before you will be able to withdraw from KuCoin. Firstly you will be needing your trading password, and your google authenticator, or OTP will be sent to your mail, so if the person can access the google authenticator since it’s on the phone, how did the person access the trading password? Or is it written on somewhere on the phone?

I don’t know what Binance do request for before you will be able to make withdrawal because I do make use of facial identification, but if you are not using that, I don’t really know what they will be requesting for before you will be able to make withdrawal.

The person that stole your friend’s phone, how did the person get to know your friend’s phone password, or is it that your friend didn’t protect his phone with any password? But I know most people do lock their phones.

Kucoin exchange market have unique feature when trading we must set up PIN firstly and not allow with other exchange market, but for withdrawal fund keep needed email verification code and using 2FA already linked to exchange account. Right now many exchange have additional security if the scammer change the password account will be freeze for withdrawing until 24 hours later and its good feature if some one get hack with their account.
If some one loss mobile phone actually the exchange account keep appear if login trough APP, I used Binance APP and account keep existing for long term and linked 2FA, email at the same mobile phone easily for some one withdrawing your fund if not set up biometric or using PIN code to withdraw fund at exchange account.

It might that hassle but i would say that this is much more secure. You do have that trading code on which you would be needing to input before you can neither sell or buy with some coins and there are tons of verifications on the time that you do withdraw on which i do like, but somewhat i've been using up Binance for now and and OKX and i can say that their security is still that fine and secure. It would be just that depending on you whether you would be turning it on or not. Some people do find it that bit that too hassle or just slow them things down but if we do speak about safety then thats totally a good one. But we do know that storing up your coins on an exchange or custodial wallet is never been safe and just talking about other issues then this is what you should be putting up in mind.

Going back into the topic about those unauthorize withdrawal or simply being hacked then it would be just that common sense that you should be setting out 2fa or that biometric or whatever it is.

[henry_of_skalitz]

There's something that happened yesterday which is making me to create this thread a friend of mine who is a crypto trader, he usually use binance and kucoin for his trading and we all know when it comes to withdrawing your funds in this exchanges you can set it using authentication code, email, password or biometric but you can still set it in a way you can use only the authentication code to withdraw and the authentication app is usually on the phone or system.
Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

alright thanks for this thread, cause I too currently am only using authentication code, no password or biometrics verification. I would change my right away, and once again thanks for this thread you just save people who would have fall to the same fate as your friend.

You either invest yourself in your security, or you pay up for it down the line.

That's the lesson we should all acknowledge.

[Pandu Geddon]

Going back into the topic about those unauthorize withdrawal or simply being hacked then it would be just that common sense that you should be setting out 2fa or that biometric or whatever it is.

If what is lost is the device, all security applications are also on the lost device, so the person who stole it can still access the exchange and make withdrawals. If you have sensitive access on your smartphone, why not lock your smartphone for added security? You can even turn off the smartphone or track it if it gets lost through the email linked to the device.

[Zigabel]

I will personally want to look at it from a different angle, firstly giving access to someone on that device is the first compromise that if not done, would have possibly averted almost every other ones, it is important to know that your device should be guarded firstly before we start talking about compromising the device, except in the case of theft, that will be considered very differently, then secondly, most phones especially Android phones, has got a feature that helps you hide apps that you do not want people access to incase they get access to your phone.  This is why I always advocate for a second device where in you get to store your assets but in a case where you are using same device, make sure your crypto related assets apps are hidden such that mare having access to the phone, you do not get to see or know the phone have such an app installed on them by just scrolling around the phone, that way you have a device protection first then before proceeding to institute the app built in security features.

[passwordnow]

You either invest yourself in your security, or you pay up for it down the line.

That's the lesson we should all acknowledge.

And others don't learn from the experience of others if it's security related matter for their exchanges account. It's easy to setup additional security measures like 2FA but they don't want to because they're lazy. Confirmation before withdrawals are not a hassle but they're to make sure that you're the actual one that's withdrawing your own money. Because in many cases, if you don't have these extra security, you'll never know that someone has already an access with your exchange account and about to withdraw it. It can happen if your accounts login details are the same from different platforms.

[gunhell16]

There's something that happened yesterday which is making me to create this thread a friend of mine who is a crypto trader, he usually use binance and kucoin for his trading and we all know when it comes to withdrawing your funds in this exchanges you can set it using authentication code, email, password or biometric but you can still set it in a way you can use only the authentication code to withdraw and the authentication app is usually on the phone or system.
Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

I’m just wondering how they were able to access that through authentication, especially if the device was only borrowed or lent to them. Especially if the authentication involves face or fingerprint verification?

Isn’t that kind of story suspicious? Unless, of course, you actually allowed that person to use your fingerprint or face ID, right?
Even with standard authentication, it shouldn't be that easy to verify immediately, right?