Just dodged a bullet

Originally posted as a comment in the daily but someone suggested making a post out of it. A kind of PSA about what can happen. So here it is.

I just dodged a fucking bullet… I don’t get what happened but I logged in to Binance, and I immediately got a withdrawal request in my email for all my money. How the fuck are they that fast? I hysterically started spamming all social media Binance support accounts I could find to block my account and cancel transactions but received nothing back… Binance support site is such a pain in the ass and there is no quick way to contact them… so I opened my backup laptop, guessing that this one is hacked, and my crypto was still sitting there, everything traded to BTC which I didn’t do. I sent everything to another exchange and changed my passwords and activated all security measures.

35 thoughts on “Just dodged a bullet”

  1. Congrats friend. To be honest it’s best to permanently avoid accessing crypto from the compromised computer if possible. Even if you run virus scans and try to clean it up, viruses and key logs are really good at remaining undercover nowadays and you shouldn’t take any chances. Even better if you can get a hardware wallet which is literally unhackable and untouchable by a virus.

  2. > I don’t get what happened but I logged in to Binance

    It’s likely that you didn’t log into Binance; you logged into something you were tricked into believing was Binance. One approach that can help prevent this is password managers that are tied to specific URLs:

    * you randomly generate your password (so you don’t know it)
    * your password manager only logs you into the correct website and refuses to autofill anything else
    * it now becomes much harder to phish you since your password won’t be available on anything other than the real site

    It’s excellent that you had a whitelist activated as well. Excellent work by your past self!

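The URL binding described in the comment above, sketched as an added example (not code from the thread or from any particular password manager). It assumes exact-origin matching, which is stricter than some managers' defaults; `SAVED` and the `.example` hosts are constructed test values.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin(url):
    """Return (scheme, ASCII host, port) for url, or None if it is unusable."""
    try:
        parts = urlsplit(url.strip())
        host, port = parts.hostname, parts.port   # hostname drops any user@ prefix
    except ValueError:                            # malformed netloc or port
        return None
    if not host or parts.scheme not in DEFAULT_PORTS:
        return None
    try:
        # Compare the IDNA (punycode) form, so look-alike Unicode letters
        # never compare equal to the ASCII name.
        host = host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return parts.scheme, host, port or DEFAULT_PORTS[parts.scheme]

def autofill_allowed(saved_url, page_url):
    """Offer the credential only on the exact HTTPS origin it was saved for."""
    saved, page = origin(saved_url), origin(page_url)
    return saved is not None and saved[0] == "https" and saved == page

SAVED = "https://www.binance.com/"
# Constructed test pages; the .example hosts are placeholders.
PAGES = [
    "https://www.binance.com/en/login",
    "https://WWW.BINANCE.COM:443/",
    "http://www.binance.com/",
    "https://www.binance.com.account-verify.example/login",
    "https://www.binance.com@login.example/",
    "https://www.bin\u0430nce.com/",   # Cyrillic letter in place of Latin "a"
]

def decisions():
    """Map each constructed page URL to the autofill decision."""
    return {page: autofill_allowed(SAVED, page) for page in PAGES}

if __name__ == "__main__":
    for page, ok in decisions().items():
        shown = page.encode("ascii", "backslashreplace").decode()
        print("fill  " if ok else "refuse", shown)
```

Only the first two pages get the credential; the downgrade to HTTP, the prefix trick, the `user@` trick and the look-alike letter are all refused without the user having to read the address bar.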
  3. That was some good thinking there man. 🤔 Sounds like you had a close call alright.

    Time to get a Trezor or Ledger and keep everything there?

  4. Uh-oh. Time to wipe your slate clean. Change Passwords, back up 2FA, and double check all security measures. Stay safe my man you did good

  5. Sounds like you have a keylogger somewhere since it happened right when you logged in (I assume you typed in your username/password). You should run antivirus and check your browser extensions.

  6. Reinstall your OS!!!

    I lost some funds last year due to similar malware which had full control over my browser. It resulted in a Binance hack with 2FA on.

    The malware had access to my Google Chrome browser. The Gmail account was a separate one, but it was logged in at the moment. They placed an email filter for “[email protected]” on it, so it looked like the mails never arrived (such as withdrawal confirmation code). On top of that they placed a Binance login redirection from the legit site (I always check), so after logging in with 2FA, the page seems to refresh and 2FA needs to be entered again: once to login and once to approve the transaction…all altcoins converted instantly to bitcoin, so they only needed one transaction confirmation. Whitelisting can help a little, but eventually it only takes them longer to get the funds as they need you to login a second time a few days later.

    Luckily it was only a fraction of my crypto, because the majority is on cold storage. Had to reinstall my laptop completely to get rid of the malware, really nasty. Not sure how it got there…probably when downloading a desktop wallet app from some new project.

    My advice:

    1) Use a separate email address only to access crypto exchanges and only open it on a separate device. If you have malware on your PC, they can basically follow whatever you’re doing in the browser and even put a filter on Binance emails so you won’t notice the withdrawal confirmation code mails
    2) Activate 2FA with an authenticator app and NEVER enter the 2FA twice in a row during login. Hackers can refresh the legit login page after the first 2FA entry, and make it seem like you have to enter again, while actually you are confirming the withdrawal…
    3) Whitelist crypto addresses
    4) Ideally access the exchange on a separate device e.g. iPad

    Can seem paranoid and a bit extreme…until you lose funds yourself, like I learned the hard way ;). Always painful to lose, but gotta learn from your mistakes and move on!

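A way to check a mailbox for the hidden-mail filter described in the comment above, as an added example (not code from the thread). It reads a Gmail filter export (Settings, "Filters and Blocked Addresses", Export); `WATCH_TERMS`, the sample export and every address in it are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
WATCH_TERMS = ("binance", "withdraw")        # assumption: mail you must never miss
MATCH_FIELDS = ("from", "subject", "hasTheWord")
HIDING_FLAGS = ("shouldTrash", "shouldArchive", "shouldMarkAsRead")

# Constructed sample in the layout of a Gmail filter export.
SAMPLE_EXPORT = """
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:apps="http://schemas.google.com/apps/2006">
  <entry><category term="filter"/>
    <apps:property name="from" value="notify@binance.example"/>
    <apps:property name="shouldTrash" value="true"/>
    <apps:property name="shouldMarkAsRead" value="true"/>
  </entry>
  <entry><category term="filter"/>
    <apps:property name="from" value="news@shop.example"/>
    <apps:property name="label" value="Shopping"/>
    <apps:property name="shouldArchive" value="true"/>
  </entry>
  <entry><category term="filter"/>
    <apps:property name="subject" value="Withdrawal confirmation"/>
    <apps:property name="forwardTo" value="other@mail.example"/>
  </entry>
  <entry><category term="filter"/>
    <apps:property name="from" value="notify@binance.example"/>
    <apps:property name="label" value="Exchange"/>
  </entry>
</feed>
""".strip()

def suspicious_filters(xml_text):
    """Return [(criteria, actions)] for filters that hide or forward watched mail."""
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        criteria = {k: props[k] for k in MATCH_FIELDS if k in props}
        actions = [f for f in HIDING_FLAGS if props.get(f) == "true"]
        if props.get("forwardTo"):
            actions.append("forwardTo=" + props["forwardTo"])
        watched = any(t in v.lower() for v in criteria.values() for t in WATCH_TERMS)
        if watched and actions:               # labelling alone is not flagged
            findings.append((criteria, actions))
    return findings

if __name__ == "__main__":
    for criteria, actions in suspicious_filters(SAMPLE_EXPORT):
        print("REVIEW", criteria, "->", ", ".join(actions))
```

Run the export check from a device you trust, since the scenario in the comment is a browser session that is already under someone else's control.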
  7. Wow, dodged indeed. “They” are that fast because they be bots. Malicious code just waiting for your login. Good you had a backup laptop. It’s wild west out there, you need security measures for your security measures

  8. You can’t even withdraw anything when you log into Binance, they literally force you to wait a while after you log in cause of suspicion

    source: has happened to me while rushing to transfer funds to buy another coin offsite

  9. Wow. You reacted super well, they seemed unprepared for you moving with military precision. Maybe a learning from this for those reading is to
    1) read up on security measures for exchanges but also wallets, mails, phones. Activate them all, 2FA, time bound global lock etc
    Edit from OP: 1.1) “Activate whitelist with 1 day delay for new addresses on Binance” Edit 2: or any comparable measure on exchanges.
    2) have a backup step by step plan for different scenarios (where customer supports, devices, actions are written out)
    3) not lose access for point 2)

    Any other advice?

  10. Good stuff! Stopped them dead!

    Your only problem now is that you need to declare capital gains on everything they sold. Gah! What a mess.

  11. Why don’t you have a security key if you are going to keep your assets on an exchange?

    You physically need to have the key with you to get into your account and to move money.

  12. This is the kind of hacking I can stand behind. He did you a favor by converting everything to BTC.

    You got maxied. This is the way.

  13. Scary stuff right there, good job on the counter action and quick thinking, at least I know what to do if this happens to me.

  14. Glad you caught this in time!

    I would have thought that with 2FA this wouldn’t be possible, I literally can’t do anything in Binance without multiple 2FA verifications – am I still not safe from something like this?

  15. When you transferred to another exchange, how were you sure that you were approving your withdrawal and not the hackers’?

    I would be terrified by this, glad it worked out well for you.

  16. Guess that withdrawal verification step saved you. Crappy support but at least they had some steps in place. Nice save.
