Originally posted as a comment in the daily but someone suggested making a post out of it. A kind of PSA about what can happen. So here it is.
I just dodged a fucking bullet… I don’t get what happened but I logged in to Binance, and I immediately got a withdrawal request in my email for all my money. How the fuck are they that fast? I hysterically started spamming all social media Binance support accounts I could find to block my account and cancel transactions but received nothing back… Binance support site is such a pain in the ass and there is no quick way to contact them… so I opened my backup laptop, guessing that this one is hacked, and my crypto was still sitting there, everything traded to BTC, which I didn’t do. I sent everything to another exchange and changed my passwords and activated all security measures.
That wasn’t a bullet, shit was a straight up tactical missile.
Congrats friend. To be honest it’s best to permanently avoid accessing crypto from the compromised computer if possible. Even if you run virus scans and try to clean it up, viruses and key logs are really good at remaining undercover nowadays and you shouldn’t take any chances. Even better if you can get a hardware wallet which is literally unhackable and untouchable by a virus
> I don’t get what happened but I logged in to Binance
It’s likely that you didn’t log into Binance; you logged into something you were tricked into believing was Binance. One approach that can help prevent this is password managers that are tied to specific URLs:
* you randomly generate your password (so you don’t know it)
* your password manager only logs you into the correct website and refuses to autofill anything else
* it now becomes much harder to phish you since your password won’t be available on anything other than the real site
It’s excellent that you had a whitelist activated as well. Excellent work by your past self!
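Added example, not part of the thread: a sketch of the URL-bound autofill decision the comment above describes, using the strictest rule (exact HTTPS origin match). The function names are hypothetical, real password managers differ in how loosely they match subdomains, and the page URLs are constructed samples.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin_of(url):
    """Return (scheme, host, port) for a web URL, or None if it cannot be trusted."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        # Normalise to ASCII/punycode so look-alike Unicode letters never compare equal.
        host = parts.hostname.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    return parts.scheme, host, port or DEFAULT_PORTS[parts.scheme]

def may_autofill(saved_url, page_url):
    """Strict rule: fill only on HTTPS and only when the origin matches exactly."""
    saved, page = origin_of(saved_url), origin_of(page_url)
    return saved is not None and saved[0] == "https" and saved == page

SAVED = "https://www.binance.com/"  # URL stored with the vault entry

# Constructed page URLs; the look-alikes use reserved .example names.
SAMPLES = [
    "https://www.binance.com/login",           # real site, different path
    "https://WWW.Binance.COM:443/",            # same origin, different spelling
    "http://www.binance.com/",                 # no TLS
    "https://www.binance.com.login.example/",  # real name used as a subdomain
    "https://www.binance.com@login.example/",  # real name in the userinfo part
    "https://www.binanc\u0435.com/",           # Cyrillic "е" in place of Latin "e"
]

def decisions():
    return [may_autofill(SAVED, url) for url in SAMPLES]

if __name__ == "__main__":
    for url, ok in zip(SAMPLES, decisions()):
        print("FILL  " if ok else "REFUSE", url.encode("ascii", "backslashreplace").decode())
```

Only the first two URLs get the password. A human reading the address bar can miss every one of the other four.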
That was some good thinking there man. 🤔 Sounds like you had a close call alright.
Time to get a Trezor or Ledger and keep everything there?
Damn, my butthole puckered up reading this. Close call OP.
Uh-oh. Time to wipe your slate clean. Change Passwords, back up 2FA, and double check all security measures. Stay safe my man you did good
Sounds like you have a keylogger somewhere since it happened right when you logged in (I assume you typed in your username/password). You should run antivirus and check your browser extensions.
Reinstall your OS!!!
I lost some funds last year due to similar malware which had full control over my browser. It resulted in a Binance hack with 2FA on.
The malware had access to my Google Chrome browser. The Gmail account was a separate one, but it was logged in at the moment. They placed an email filter for “[email protected]” on it, so it looked like the mails never arrived (such as withdrawal confirmation code). On top of that they placed a Binance login redirection from the legit site (I always check), so after logging in with 2FA, the page seems to refresh and 2FA needs to be entered again: once to login and once to approve the transaction… all altcoins converted instantly to bitcoin, so they only needed one transaction confirmation. Whitelisting can help a little, but eventually it only takes them longer to get the funds as they need you to login a second time a few days later.
Luckily it was only a fraction of my crypto, because the majority is on cold storage. Had to reinstall my laptop completely to get rid of the malware, really nasty. Not sure how it got there…probably when downloading a desktop wallet app from some new project.
My advice:
1) Use a separate email address only to access crypto exchanges and only open it on a separate device. If you have malware on your PC, they can basically follow whatever you’re doing in the browser and even put a filter on Binance emails so you won’t notice the withdrawal confirmation code mails
2) Activate 2FA with an authenticator app and NEVER enter the 2FA twice in a row during login. Hackers can refresh the legit login page after the first 2FA entry, and make it seem like you have to enter again, while actually you are confirming the withdrawal…
3) Whitelist crypto addresses
4) Ideally access the exchange on a separate device e.g. iPad
Can seem paranoid and a bit extreme…until you lose funds yourself, like I learned the hard way ;). Always painful to lose, but gotta learn from your mistakes and move on!
Wow, dodged indeed. “They” are that fast because they be bots. Malicious code just waiting for your login. Good you had a backup laptop. It’s wild west out there, you need security measures for your security measures
You can’t even withdraw anything when you log into Binance, they literally force you to wait a while after you log in ’cause of suspicion
source: has happened to me while rushing to transfer funds to buy another coin offsite
Scammers are tainting this space
Congrats man
Wow. You reacted super well, they seemed unprepared for you moving with military precision. Maybe a learning from this for those reading is to
1) read up on security measures for exchanges but also wallets, mails, phones. Activate them all, 2FA, time bound global lock etc
Edit from OP: 1.1) “Activate whitelist with 1 day delay for new addresses on Binance” Edit 2: or any comparable measure on exchanges.
2) have a backup step by step plan for different scenarios (where customer supports, devices, actions are written out)
3) not lose access for point 2)
Any other advice?
So you enabled all the security settings AFTER someone almost stole all of your crypto? Living on the edge 😂
Strange… Where do you live?
Awesome we are happy for you.
Matrix style!
Good stuff! Stopped them dead!
Your only problem now is that you need to declare capital gains on everything they sold. Gah! What a mess.
Why don’t you have a security key if you are going to keep your assets on an exchange?
You physically need to have the key with you to get into your account and to move money.
You just upgraded yourself to lvl Neo. Congratulations

Wow, you’re a fast thinker. I’d just be sitting here freaking out for a good five minutes
You really dodged one there!
Check your browser history. Sounds like you logged into a phishing site.
If this happens to anyone else whitelisting is your friend
This is the kind of hacking I can stand behind. He did you a favor by converting everything to BTC.
You got maxied. This is the way.
Did you have 2FA set up by any chance OP?
Scary stuff right there, good job on the counter action and quick thinking, at least I know what to do if this happens to me.
Good that you managed! 👍
Most likely the trading and withdrawal requests are done so quickly because of APIs.
Glad you caught this in time!
I would have thought that with 2FA this wouldn’t be possible, I literally can’t do anything in Binance without multiple 2FA verifications – am I still not safe from something like this?
I’ve never even moved my crypto into a wallet before. Just stays on the exchange for now.
Holy **** gj mate
When you transferred to another exchange, how were you sure that you were approving your withdrawal and not the hackers?
I would be terrified by this, glad it worked out well for you.
Wow well done on your quick thinking and solving it!
Guess that withdrawal verification step saved you. Crappy support but at least they had some steps in place. Nice save.
Enable FIDO auth in your account, problem solved.