Reason to trust
How Our News is Made
Strict editorial policy that focuses on accuracy, relevance, and impartiality
Ad discliamer
Morbi pretium leo et nisl aliquam mollis. Quisque arcu lorem, ultricies quis pellentesque nec, ullamcorper eu odio.
Amidst the brutal market conditions, a Reddit user, BeanThe5th, has somehow managed to get in more trouble than the market is currently in, reportedly losing two Bitcoin in a hack.
Reddit User Loses Two Bitcoin In Binance Hack
Yesterday, BeanThe5th made a thread in the popular /r/cryptocurrency subreddit, regarding a theft that has occurred on his or her Binance account. Many users who saw this Reddit thread were quite surprised, as it has become common knowledge that Binance is one of the most reputable and secure exchanges that exist.
According to the aforementioned Reddit user, the thieves took two Bitcoins from their account. However, Binance has a daily withdrawal limit in place for unverified users, which stopped the criminals from taking all $50,000 worth of cryptocurrencies from the account. Although some larger investors may see this as a restriction, in this situation, this limit luckily saved a majority of the user’s funds.
The hackers also managed to take control of all of the user’s social media pages, along with any other accounts associated with the hacked email addresses. The user also had cryptoassets on other exchanges but confirmed that the funds on the other exchanges were safe and locked on these exchanges.
How Did This Occur?
The hacker(s) managed to get past the often secure two-factor authentication (2FA) by using a ‘SIM swap’ method. This method of intrusion requires the criminals to pretend to be the targeted individual. The criminal will then need to contact the individual’s phone provider, getting the provider to move all SIM information onto the hacker’s phone. This allows for all two-factor security messages to be sent to the hacker’s phone instead of the original user’s device.
As well, the attackers also managed to take control of the user’s Google Authenticator account, which Binance uses as another layer of security.
Due to the fact that they also had access to the passwords of the individual, it became an easy task to get funds withdrawn from Binance after taking control of the 2FA accounts.
With all these factors in mind, it has become apparent that this attack was meticulous and most likely required an immense amount of planning prior attack’s execution.
A representative from Binance quickly responded as the post skyrocketed to the front page of the most popular cryptocurrency subreddit. Jager, Binance customer support team member, asked for the affected user to procure their support ticket ID, to help expedite the case.
Bean answered with his ticket ID as requested, with the representative from Binance confirming that the account had been locked just a few minutes later.
Security Methods
Some Reddit users suggested alternative methods to make sure that an attack on a cryptocurrency user’s funds won’t happen again.
Reddit user JohnnyK10 recommended a security method to the affected user, saying:
Dont keep 50k worth of coins on a exchange. A cold hardware wallet is your safest bet.
Many cryptocurrency experts, along with large holders, believe that it is best to hold large amounts of cryptocurrencies in a secure hardware wallet, like the Ledger Nano. This greatly reduces the risk of hacking, some saying removing all risk of attack entirely.
Products like the Ledger and Trezor are easy to use and support a wide variety of popular cryptocurrencies. As well, most hardware wallets cost under $150 U.S. dollars, making them a logical security method for users who are aware of these fantastic devices.
Due to the severity of the attack, others speculated that there must have been an attack on the user’s computer, with a keylogger or activity tracker implanted being the most likely scenario. When using a hardware wallet, it removes any risk of a keylogger attack, even if the hardware wallet is plugged into the computer. Hardware wallets keep all sensitive information on the device, using extremely secure channels to help verify transactions using a private key.
If users do not opt-in to buy a hardware wallet, it is suggested by many to keep up to date with the proper computer security programs, which have become increasingly secure.
Think about it, buying a $150 hardware wallet or $100 security program will help many users mitigate the risk of an attack on thousands of dollars worth of their cryptocurrencies.
As more attacks like this occur, it will only begin to make even more sense for investors to keep their funds under lock and key.
Featured Image from Shutterstock
Stella 
adi 
Abdullah Rajab 
fujak 
Hello Man 
Luciano Serafini 
Carlos Salinas 
BS!!!!!!!!! Spoofing a phone will not give the spoofer access to Google 2FA. What a load of sh#$. This user is just looking for sympathy and is lying out of his teeth.
Google 2FA does not care what phone or phone number you are on, it works on your Google account. That is why you should never use 2FA via SMS incase your phone number gets spoofed. What a load of crap. Anyway the problem here lays with the phone service providers lack of security measure that allows anyone to gain access to someone phone account. Best thing to do is DON’T USE SMS 2FA! Use Google 2FA. I still believe this user is BS about being hacked. He just lost his 2BTC in a bad trade I bet with the recent sell off and is looking for sympathy for people to donate I bet.
Also if you are on social media advertising you are a crypto trader for goodness sake use a different phone and email and user id with your trading. Otherwise you will be a target for social reverse engineering.
Yeah – Google 2FA can be removed without the use of the phone because there are offline backup codes. Basically if someone has access to your computer and you keep everything stored in your browser or on your disk then it would be a simple matter for someone to bypass Binanace’s security and take over whatever accounts. You wouldn’t even need to be a hacker, just someone with better than average computer skills, knowledge of the the victims habits and access to their computer.
Even Google 2FA didn’t help keeping my funds safe. Eight months ago, I lost 2.14BTC (worth $8,200 at the time) to a ‘bug’ on C-CEX. Till this day, I got nothing back.
On Quoines exchanges we have an extra layer of security called Iron Shield…..it adds a cooling down period after password or 2fa changes to give any usr who might have lost their phone and whos account has been compromised, time to get hold of the exchange and ensure their ‘funds are snafu’
Use a hardware wallet. I have about $0.50 cents on my Binance account now and the only reason there even is 0.50 cents because to take out that $0.50 cents I have to pay a bigger fee than the $0.50. So I say forget it, not worth it.
Besides it won’t even let me take out the $0.50 because it’s less than 0.01 ETH even.
Exchanges should lets users setting 2 email accounts, one for login and password related purposes and one for communication purposes. In this way users can use a secure dedicated email for security related activities.
another reason to not invest in this ponzi scheme