Set your exchange in password or biometric before withdraw.

[taufik123]

-snip-
If some one loss mobile phone actually the exchange account keep appear if login trough APP, I used Binance APP and account keep existing for long term and linked 2FA, email at the same mobile phone easily for some one withdrawing your fund if not set up biometric or using PIN code to withdraw fund at exchange account.

If you do lose your phone, there is still double security on the smartphone itself,
passwords or fingerprints will be a barrier door for those who find or steal the smartphone, so it will not be able to be opened by anyone.

Now smartphone security is more sophisticated and it is not easy to hack or bypass the screen security code,
even if it is forced to open, the data will be permanently deleted.

So in addition to exchange account security, smartphone security also needs to be considered,
always use screen lock security so that no one can access the smartphone when it is lost.

[Oluwa-btc]

Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

You meant stole your friends phone! But then something is off here how was the person able to achieve having access to his phone completely using his pass key, if not it been leaked out by an imposter or third party. What's the point since he got access through authentication what then behold a password except biometrics could be the only way out. Moreso most crypto apps like binance and the rest of them got features where biometrics and other security features to safeguard ones funds are required, once it's set up it could save one from cyber theft.

[shinratensei_]

If what is lost is the device, all security applications are also on the lost device, so the person who stole it can still access the exchange and make withdrawals. If you have sensitive access on your smartphone, why not lock your smartphone for added security? You can even turn off the smartphone or track it if it gets lost through the email linked to the device.

Not locking the phone in the big 2026 is just amateur mistake, simple. Not to mention that most of privacy and security applications allow for biometric verification before opening the app.
Even note app have the feature for faceID scan before granting access in iOS because some people like to put important thing in their note app. If I have an unlocked phone handed over to some stranger, I'm 100% sure that stranger won't have access to anything because every app I use requires faceID. Exchange app is no exception.

Make me wonder how some stranger could possibly access withdrawal which requires 3 verification : an sms, 2fa, and a passkey with faceID scan.

[gunhell16]

Make me wonder how some stranger could possibly access withdrawal which requires 3 verification : an sms, 2fa, and a passkey with faceID scan.

This is exactly what's so puzzling about that situation how did they even bypass those 3 verification steps? Especially the face scan, that's really suspicious.
The thief must be really skilled to impersonate the face scan ID of the person they stole from.

And honestly, no one else uses or handles my mobile device. Of course, this is my privacy and personal property,
unless I deeply trust you with something like this.

[Supreme Donvic]

Make me wonder how some stranger could possibly access withdrawal which requires 3 verification : an sms, 2fa, and a passkey with faceID scan.

This is exactly what's so puzzling about that situation how did they even bypass those 3 verification steps? Especially the face scan, that's really suspicious.
The thief must be really skilled to impersonate the face scan ID of the person they stole from.

And honestly, no one else uses or handles my mobile device. Of course, this is my privacy and personal property,
unless I deeply trust you with something like this.

This are the questions that came to mind when I saw this thread however I’m suspecting that the person that did this to his friend may be someone very close to him and knows his information. Something similar happened to someone I know some time ago it was later that they found out that the person that did that to him was his brother that knows his password and his exchange password too because the person uses same password in everything his doing so if you know that password you can even access his bank that’s why using one password to everything you do is not good I know the reason why people do this is so they won’t forget the password.
People should just learn how to secure there wallet or exchange very well so as to avoid this kind of things.

[Tungbulu]

You meant stole your friends phone! But then something is off here how was the person able to achieve having access to his phone completely using his pass key, if not it been leaked out by an imposter or third party. What's the point since he got access through authentication what then behold a password except biometrics could be the only way out. Moreso most crypto apps like binance and the rest of them got features where biometrics and other security features to safeguard ones funds are required, once it's set up it could save one from cyber theft.

There’s one feature about some of these exchanges that I admire, which is the fact that once you log in from a separate device, it automatically logs out from that device, this way the moment you discover your phone is missing and you know you got some funds on your exchange, you can quickly use someone’s phone to log in to your exchange account and successfully have it logged out from the stolen phone first, and even if the thief manages to change the password and successfully logs back in, which will be possible if he has your email, phone number or even 2FA on that phone, but he won’t be able to move out any funds, not until 24hrs, which is more than enough for anyone to intercept the thief, either by blocking your phone using the IMEI number, or reach out to the exchange to help freeze the account temporarily until you’ve fully gained access back to the account.

[Fivestar4everMVP]

There's something that happened yesterday which is making me to create this thread a friend of mine who is a crypto trader, he usually use binance and kucoin for his trading and we all know when it comes to withdrawing your funds in this exchanges you can set it using authentication code, email, password or biometric but you can still set it in a way you can use only the authentication code to withdraw and the authentication app is usually on the phone or system.
Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

A crypto trader is not supposed to have just one phone, as a trader, you should have atleast two phones, you use one of the phones trading on your favorite exchanges while you use the other phone for codes and verifications through both emails and authentication.

Like myself, I own two phones currently and one this phones has all the app of exchanges I use for trading, while on the other phone, I have the email account together with the authenticator app that I receive and retrieve codes for account log ins and withdrawal verification, this method ensures that even if one of this phones is stolen, the thief still can not access my funds except he has the second phone, and if he steals this second phone, he can't login to any of the exchanges I use without knowing my password.

And beside, I wanted to ask, wasn't the phone itself locked? How did the thief managed to unlock the phone without first flashing it and deleting every  app on the phone.?

[ancafe]

Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

also have the Binance app and several other exchanges on my smartphone, but I set the passwords differently. This is to make it difficult for people to access certain apps that I consider important enough to protect. It's generally difficult to crack a password on a smartphone unless the password is weak and even if you're using an iPhone, security is probably much better. I don't know how this could have happened so easily as smartphone users should understand the importance of using strong passwords, especially for those involved in investing using multiple apps on their smartphones. So be careful to prevent something like this from happening again as we sometimes take security measures on our smartphones for granted.

[atookz]

This incident is rare but if it does happen it will be detrimental and cause regret. This event is an eye opener that the safety of financial accounts (exchange, internet banking, etc.) or locations where we keep our assets cannot be based on the safety of a single layer of security. Relying on authentication codes, especially if the authentication application is on the same phone, clearly has risks when the phone is lost or stolen. To reduce the possible losses, it is possible to activate additional passwords like biometrics or any other security measures like whitelisting addresses of withdrawal. It's better to be a little difficult at the start than to lose the assets you've worked so hard to accumulate. Because account security is the user's responsibility.

[Nothingtodo]

If the phone had a strong locking system, it would definitely not have been possible for the thief to gain access to the phone. I think there was no locking on the phone, due to which the thief was able to easily enter the phone and access the exchange that was already logged in on the phone. This is the biggest mistake and weakness for an experienced trader or investor because he is a trader himself so he should have kept his phone under strong security. For this reason he must not log in to the exchange but log out and use the phone all the time. That is, due to all these small mistakes he has to face big losses.

[Mpamaegbu]

...even if it is forced to open, the data will be permanently deleted.

Don't be shocked when you get to meet those who don't even use any screen security on their phones. No, they aren't old folks per se. So, we don't begin to argue that they may not know the nitty gritty of security. I've seen quite a few youths who don't have a passcode to their phones.

always use screen lock security so that no one can access the smartphone when it is lost.

It's even better to go beyond the screen lock security for anyone who wants to take their phone security seriously. Activating a SIM lock on one's simcard is a better option.

[taufik123]

Don't be shocked when you get to meet those who don't even use any screen security on their phones. No, they aren't old folks per se. So, we don't begin to argue that they may not know the nitty gritty of security. I've seen quite a few youths who don't have a passcode to their phones.

I also often see young people's phones who don't really understand Gadgets don't give any passwords for fear of forgetting and the like, even though the first security is on the cell phone they hold.
Now almost all people and ages have their own smartphones, but some don't know how to use them properly and don't think about security or anything like that.

But if something as basic as that happens to crypto users, they are unaware of the dangers lurking, security is necessary especially on the assets and devices used as the first entry point.

I even just thought about SIM card lock, I never do a lock on the SIM card because I only focus on the security of my mobile and Desktop devices.
But it is an even more perfect way to lock the SIM Card, because all the OTP and the like will go to the main SIM card.

[8rch7]

If the phone had a strong locking system, it would definitely not have been possible for the thief to gain access to the phone. I think there was no locking on the phone, due to which the thief was able to easily enter the phone and access the exchange that was already logged in on the phone. This is the biggest mistake and weakness for an experienced trader or investor because he is a trader himself so he should have kept his phone under strong security. For this reason he must not log in to the exchange but log out and use the phone all the time. That is, due to all these small mistakes he has to face big losses.

Right, if the mobile phone have strong locking system and protect well additional security for withdrawing fund in exchange I think more protection for an exchange account if suddenly mobile phone stolen. Right now all trader using exchange app for trading to make easily when trading at market without have opening from the computer, but must protect well with mobile phone security and an exchange account must be set up all withdrawal feature.
Have ideas if using app exchange account just log out after opening market although losing phone but someone else can't login yet because don't know password or our exchange account, the same with banking mobile phone although you loss phone but they can't access to your bank account.

[DPHOR]

If the phone had a strong locking system, it would definitely not have been possible for the thief to gain access to the phone. I think there was no locking on the phone, due to which the thief was able to easily enter the phone and access the exchange that was already logged in on the phone. This is the biggest mistake and weakness for an experienced trader or investor because he is a trader himself so he should have kept his phone under strong security. For this reason he must not log in to the exchange but log out and use the phone all the time. That is, due to all these small mistakes he has to face big losses.

Right, if the mobile phone have strong locking system and protect well additional security for withdrawing fund in exchange I think more protection for an exchange account if suddenly mobile phone stolen. Right now all trader using exchange app for trading to make easily when trading at market without have opening from the computer, but must protect well with mobile phone security and an exchange account must be set up all withdrawal feature.
Have ideas if using app exchange account just log out after opening market although losing phone but someone else can't login yet because don't know password or our exchange account, the same with banking mobile phone although you loss phone but they can't access to your bank account.

Even when exchange accounts are being login into our phones, eventually when we lose our phone they can't still access our phone because phone already set on lock, and except such person knows your passwords before they could be able to access your phone and after that they must have to password of your exchange. Like for me, I do use 2FA in all my exchange and they are stored in another phone which is different from the usual phone I do use to trade and go out with. So even when the phone is being misplaced they can't easily have access to my exchange account to make any alteration or even have access to make withdrawal from that account without having to pass the 2FA that is in the other phone.

[OcTradism]

Like for me, I do use 2FA in all my exchange and they are stored in another phone which is different from the usual phone I do use to trade and go out with. So even when the phone is being misplaced they can't easily have access to my exchange account to make any alteration or even have access to make withdrawal from that account without having to pass the 2FA that is in the other phone.

This is  your very good security practice that is recommended for the others too.

People usually don't know this good practice for security of their accounts, and they forgot a very basic principle: 2FA is a second layer of protection for their accounts, so it must be installed on a second device that must be different than the (first) device used for their account logins from emails to exchange accounts.

If people have practice of installed email application, exchange application, 2FA application and login their email, exchange account on a same device with their 2FA installed, that's very bad security practice. For example, if the phone is stolen, almost all necessary information for login accounts, withdraw money are on a same device. If people can bruteforce account passwords, money will be stolen.

[Yaunfitda]

Like for me, I do use 2FA in all my exchange and they are stored in another phone which is different from the usual phone I do use to trade and go out with. So even when the phone is being misplaced they can't easily have access to my exchange account to make any alteration or even have access to make withdrawal from that account without having to pass the 2FA that is in the other phone.

This is  your very good security practice that is recommended for the others too.

People usually don't know this good practice for security of their accounts, and they forgot a very basic principle: 2FA is a second layer of protection for their accounts, so it must be installed on a second device that must be different than the (first) device used for their account logins from emails to exchange accounts.

If people have practice of installed email application, exchange application, 2FA application and login their email, exchange account on a same device with their 2FA installed, that's very bad security practice. For example, if the phone is stolen, almost all necessary information for login accounts, withdraw money are on a same device. If people can bruteforce account passwords, money will be stolen.

Yes, I also have this as my practice, I have another phone on my wife to be used to store my 2FA. But sometimes s**t happens and we just need to learn from it and move on. And again, outside, there are a lot of bad people who's intent is to steal our phone. I'm just watching some local news and this gang, all underage try to steal a phone but they were all caught. But I'm not sure if the law can do something about them, as our law here favors more of the underage criminals. So in any case, we carry the burden now even in real life to be very careful when we are outside as we don't know that the next person are going to steal something from us that might involved our crypto holdings like our precious and expensive phone.

[free-bit.co.in]

Like for me, I do use 2FA in all my exchange and they are stored in another phone which is different from the usual phone I do use to trade and go out with. So even when the phone is being misplaced they can't easily have access to my exchange account to make any alteration or even have access to make withdrawal from that account without having to pass the 2FA that is in the other phone.

This is  your very good security practice that is recommended for the others too.

People usually don't know this good practice for security of their accounts, and they forgot a very basic principle: 2FA is a second layer of protection for their accounts, so it must be installed on a second device that must be different than the (first) device used for their account logins from emails to exchange accounts.

If people have practice of installed email application, exchange application, 2FA application and login their email, exchange account on a same device with their 2FA installed, that's very bad security practice. For example, if the phone is stolen, almost all necessary information for login accounts, withdraw money are on a same device. If people can bruteforce account passwords, money will be stolen.

I agree that using two phones, one dedicated to storing confidential information such as 2FA, emails, or passwords, is a good idea to enhance security. But I do not think that is really necessary, because we can still ensure safety even using just a phone.

Currently, Im using an iPhone, and most of my apps have different password and require Face ID to access. I wonder how someone could access my Binance or email when they all require Face ID?
I just tried accessing my Binance account and without Face ID, my only option was to log out

Cracking password is not as simple as we think