Set your exchange in password or biometric before withdraw.

[leonair]

There's something that happened yesterday which is making me to create this thread a friend of mine who is a crypto trader, he usually use binance and kucoin for his trading and we all know when it comes to withdrawing your funds in this exchanges you can set it using authentication code, email, password or biometric but you can still set it in a way you can use only the authentication code to withdraw and the authentication app is usually on the phone or system.
Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

The passkey issue is very secure, but there are many risks in some aspects. For example, I have set my face ID as a passkey on Binance on my iPhone, and when I withdraw, within seconds, the phone is scanned and the withdrawal is successful. Here, no one can withdraw crypto from my account, but when I withdraw to any address, there is no chance to change the decision or do wallet verification. The immediate withdrawal request is successful. So in this case, there may be a withdrawal request to the wrong wallet, and there is also a risk. In fact, there are risks in all aspects of financial management. So being careful is the most important thing.

[shinratensei_]

Make me wonder how some stranger could possibly access withdrawal which requires 3 verification : an sms, 2fa, and a passkey with faceID scan.

This is exactly what's so puzzling about that situation how did they even bypass those 3 verification steps? Especially the face scan, that's really suspicious.
The thief must be really skilled to impersonate the face scan ID of the person they stole from.

And honestly, no one else uses or handles my mobile device. Of course, this is my privacy and personal property,
unless I deeply trust you with something like this.

I suspected it as social engineering where OP's friend is being told to send money to the thief. Binance or any CEXs in general do whatever it takes to put so many security measures in place. They even limit withdrawal and froze account if there is surge of big withdrawal from unknown IP address.
Getting bitcoin stolen just because the phone changed hands for a short time isn't the likely outcome but i will be okay to be proven wrong. Maybe OP's friend actually used self custody wallet provided by exchange and got his seed phrase stolen, Who knows right?

[shield132]

There's something that happened yesterday which is making me to create this thread a friend of mine who is a crypto trader, he usually use binance and kucoin for his trading and we all know when it comes to withdrawing your funds in this exchanges you can set it using authentication code, email, password or biometric but you can still set it in a way you can use only the authentication code to withdraw and the authentication app is usually on the phone or system.
Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

Crypto exchanges have multiple security methods to protect your account and withdrawals. You should think about the threats that you might face in the future. I wasn't using any security feature of Binance until Binance forced me because crypto isn't very well-known in my country, I have a password on my smartphone, people aren't tech-friendly, especially criminals and in overall, I couldn't be in danger in case someone stole my smartphone, so I didn't care much about it. 7 years have passed since I created a Binance account, never had a problem but I implemented security features two years ago (Binance forced me to be honest). Btw your notice is correct. We should use a password during withdrawals and P2P trading, besides Google's 2FA Authentication (I prefer 2FA over SMS authentication because sometimes you don't receive SMS). I also use Withdrawal Address Whitelist feature but it's risky if someone has or will potentially have access to your smartphone.

[Mpamaegbu]

I even just thought about SIM card lock, I never do a lock on the SIM card because I only focus on the security of my mobile and Desktop devices.
But it is an even more perfect way to lock the SIM Card, because all the OTP and the like will go to the main SIM card.

Sure! It's very important to do that. It keeps one's important data on the simcard safe in case of theft. The worst that can happen is the SIM gets destroyed if the thief continues to attempt cracking it open after it has gone into PUK on third wrong attempts. One can retrieve that later. Most people who got their bank accounts hacked after their phones got stolen though their phones were locked was from bank details saved on their SIMs which weren't locked. We all have to be security conscious in this time and age.

[barbara44]

To be fair, we have a 2FA and it is in the phone as well, so I doubt they would not be able to steal from my phone neither, it would happen. This is the type of thing that we are going to see this as a lot better situation if we just didn't use our phones for this, but at the same time I have a password on my phone, like pin to unlock it so there is really nothing shocking about that.

However, there is nothing wrong with this, it can be very good and nothing further at this than that. For this reason I believe the best we can reach at the moment would be the fact that not using your phone for crypto is superior idea. Just use your pc and you are going to do a lot better, because your pc will not be stolen that easily.

[taufik123]

Sure! It's very important to do that. It keeps one's important data on the simcard safe in case of theft. The worst that can happen is the SIM gets destroyed if the thief continues to attempt cracking it open after it has gone into PUK on third wrong attempts. One can retrieve that later. Most people who got their bank accounts hacked after their phones got stolen though their phones were locked was from bank details saved on their SIMs which weren't locked. We all have to be security conscious in this time and age.

Yes, you are right that all must be provided with security features and no exception such as SIM cards, but if the SIM card is not locked and lost,
you should immediately report to the service center to block or replace the SIM card immediately so as not to be manipulated.

Because I have lost my phone and SIM card and reported the loss right away,
The number will be recovered to the new SIM card and the old SIM card will not be able to be used.

[fighter2627]

There's something that happened yesterday which is making me to create this thread a friend of mine who is a crypto trader, he usually use binance and kucoin for his trading and we all know when it comes to withdrawing your funds in this exchanges you can set it using authentication code, email, password or biometric but you can still set it in a way you can use only the authentication code to withdraw and the authentication app is usually on the phone or system.
Yesterday someone store my friends phone entered his binance and kucoin Because it was already logged in and withdraw his crypto coins, and this was possible because he used only authentication code for withdraw and since the authentication app was on his phone it was easy for the person to withdraw, so please Set your exchange in password or biometric before withdraw because if it was set like that the person wouldn't have been able to withdraw his crypto coins.

Right now, I only have an account on one exchange, but I haven't actually used it yet since I’m still a newbie. I have an account that I think is a centralized one since it requires KYC. I’m willing to submit my KYC documents as long as I know the platform is trusted.

Even though I haven't fully used it yet though I know I'll definitely need it in the future I’ve already activated the 2FA (Two-Factor Authentication). I know this is a way to keep it secure, based on what I’ve read here in the forum. Regarding the OP's story, I personally wouldn't allow anyone else to handle my phone, especially if it contains important information. We should be the only ones handling our personal belongings, of course, and no one else.