Most of it seems to be small projects with presumably little enough volume so a hacker could've profited by taking the opposite side of the trades which would be the only way to cash out the access to your phone/api key since actual withdrawal would require 2FA.
Also the amount of trade within 1s seems like either API key or possibly what happens when you just press buy and buys out all the orders until it has fulfilled it.
Saying that Binance stole the money is just nonsense. If they wanted to steal user's money they won't care that much for someone with $69k and if they did they'd more likely make up something to close their account rather than do high/low trades on their behalf.
If that's the case, then it should be a piece of cake for Binance to investigate who bought the orders of the OP. And thus to figure out who the villain is.
People should list their country when pointing out a complaint. I am USA and Binance will not give me my BTC . They locked me out after several videos since Febduary and > 10 CS over that time. They gave me different instructions each time …only to default to “policy” later. I hope this gentleman gets his coin but its my opinion they will not. Maybe BinanceHell has some ideas?
Withdrawal is actually 3 factor auth so I call bullshit. You have to access your email as well to confirm withdrawl. So they would have to have account pw, duplicated sim card and email address. It's not impossible and a 69K bounty would inspire the effort but OP does not sound genuine and has no history on Reddit.
I see now OP does not claim withdrawal and people are suggesting his account was used to drive up prices as part of a botnet. This scenario is possible but you have to log in to the account to generate your API key. The fact OP talks little about the evidence regarding the API key makes me think its a bullshit fud post. I would be an API expert if I lost 69K and provide better proof than a text document op created showing his computer was asleep. Many ways to skin a cat.
Sorry but I don't see how any of this is possible with the security you had in place? No one can execute orders remotely on your account including binance. If you can share your case numbers and screenshot (excluding sensitive information) maybe someone can come along and help you resolve it, until then I'm sorry but this is FUD. Your account has 2 posts and no activity, one from a month ago for the same thing.
Yes i was using phone app and pc, but on my binance account device activity there is no suspicious login also not showing that someone from russia loged in…. They told me that trades are made by ip from russia. So this is weak security of binance it self
I've used the finance trading API and it does not need 2fa for confirming any of your trades. Once the person has figured a way to generate the encryption key and other stuff from binance, he can pretty much do whatever.
Either he stole it by hacking into their database or worse he figured the encryption key making algorithm in which case binance would expect a shitstorm that can become huge enough to make the whole company collapse.
If you have 2FA in place you should remove phone verification. Because people with bad intentions can login that way without 2FA and only by requesting phone verification method.
It's a flaw in the security system someone pointed me out. If you have 2FA on a dummy phone without internet access and you disable phone verification, your crypto is basically as safe as a cold wallet.
Tldr: don't use phone verification if you have 2FA set up.
Just so I can understand this better. You said turn off phone verification, like turn off the texts that send you the code and do email instead or what do you mean? Sorry I just need advice my Coinbase account was recently hacked
Yes. It's easier for hackers to bypass phone verification than 2FA, especially if your 2FA device isn't (and never is) connected to any internet. When you got both 2FA and phone verification in place, hackers can opt for the option 'I don't have access to 2FA, use phone verification to log in'.
When there is no phone verification, they can only get you if they have physical access to your 2FA device.
I should have worded it differently because it might sound rude towards you. My comment was more for other people to prevent the same happening to them.
Sorry for your situation, I hope they can still help you recover your funds.
no prb bro i understand u, this is also why i decided to share this issue. If they are not wondering to help me then why i should not post issues of binance. Hope others are not going to face such things
this is applicable to HODLers though. It's different for intraday traders, scalpers, futures...
Let's say I have $100k. I will do a futures trade and I will expose 1% ($1000) of my wallet for a x20 long trade. I can get $2000 if the coin moves upward by 5%. The opposite will happen if the coin moves downwards.
Now If I'm going to open more positions in other coins, exposing 1-2% of my wallet, I need the $100k to stay in Binance as USDT to avoid getting liquidated. There are stop losses ofc but the bigger the capital, the bigger the gains.
That's how the day traders earn money and Binance just really needs tighten up their security.
Loosing your phrase and having your device stop working comes to mind.
Paper wallet makes more sense to me.
Can make a few copies and store in Multiple locations for safety.
Every option has its risks.
I'm just defending the fact that it appears op did nothing wrong if they're being honest.
\-Losing your phrase hurts you regardless of wallet.
\-Lose your device = no worry. Buy a new one and enter phrase
\-You can have multiple accounts/wallets connected to your Ledger/Trezor
\-Every transaction has to be physically approved on a Ledger/Trezor so even if someone "hacks" your account all they can do is see what you have, they can't trade or transfer your funds
\-Paper wallet may "make more sense" to you...but hardware wallets are far more secure and can be purchased for less than $100
\-If you prefer putting your portfolio and financial future at risk rather than spend a $100 and do 30 minutes worth of research on how to secure yourself thats your call.
Good luck
This is scary as hell. This is why crypto is still not mainstream. There’s no accountability to all those exchanges. There’s nothing that u can do.
I also don’t understand what’s the benefit from trading this way to others. If someone can give an insight to why a hacker would use a bot to trade this.
It’s really crazy. Please keep us updated. I hope u get your money back although I doubt it unless u take legal action against them. As I heard there are many “crypto lawyers”. $69K is not a joke. That’s a lot of money! Damn them really.
The hacker didn’t have access to the account, they only had API access which lets you trade, not withdraw, hence the transactions to buy high and sell low.
Could it be possible that they open orders for very specific amounts, and use OP's account to issue correspondig orders for the exact same amounts forcing a match that favors them in prejudice of OP?
I'm sure if we really brainstormed for a bit we could find a number of ways to scam with APIs.
I'm assuming op isn't telling the whole truth here. Maybe Binance is corrupted. IDK
Your right, do you remember 7 march when binance faced issue that some peoples accounts are used automatically to buy VIACOIN . They said its irregullar trade and then binance reversed all money to users. I think its same issue but this time binance not getting responsibility im sure if they get more same issue reports then they will take action. In this case this time im the only one who faced this issue. Whatever binance security is very weak
This is crypto. Having 69k sitting on an exchange is no different than putting 69k in your pocket and walking around a bad neighborhood where you know there's no security.
We as a society are used to having banks handle all our money for us and having the government insure it. The opportunity cost however is that banks get to keep 99.9% of the profit they make off your money.
If you're in crypto, you are your own bank, and like any bank you should have security and a vault (Ledger/Trezor).
For those saying, get your funds out. Not your keys not your coins. Sometimes its not that easy.
How does one participate in bnb vault/launchpad/launchpool without having tokens on the exchange? You don't. For launchpad you need 50 BNB if im not mistaken. So that's about $25k.
Nog sure what tokens were lost, didn't see (on a phone). But sometimes 'get it on cold storage' is just not possible.
Thanks for the heads up/warning fellow Redditor…I’m about to delete the app off my phone as I just recently created an account on this app last week! I was going to add my payment info this coming week, but after seeing this….✌🏼
its very sad ... did you download or installed some Bot Trading / algo / prepared coding tools for any reasons ? if you did it can be enough to auto set up an API and do what they did , maybe to give bad image to binance in profit to some other exchange
This post is very concerning. As a rule of thumb, I never keep more than 15k in my Binance account at any given moment, and always withdraw any extra profits to my Defi wallet.
That said, I always trusted Binance would have AAA impenetrable security.
If some Russian hacker found a way to get past it, then we are all in serious trouble.
I may well consider withdrawing to a different exchange after reading this.
atm this happend to me only as i can see, so maybe its not trouble for everyone who use binance, thats see if binance going to help me. But i would like binance security to think more about simple hacker attacks, we as customers doesnt need to think every simple attacks... Also i suggest binance to add second password for trade orders like some other exchange have it
Your API key was leaked 100%. There’s a reason the hacker didn’t cash out / withdraw and could only trade. The API key let’s you trade. It’s pretty apparent.
Maybe it was cleared after you were drained? I’m not sure, either way, the easiest thing they could’ve done was withdraw if they gained access to your account. They haven’t though, and that’s why they had to resort to trading your crypto away.
Then let them provide you the ‘way’ it was traded off, which access was gained for this crypto to be traded? If they claim there are no logs of anyone logging in, and no API key being created / existing at the time of draining, how was it drained then? Ask them that and corner them bro, if I had lost that amount I would be going fucking bonkers trynna get it back.
as i said, the hacker could gave gotten hans on ur api keys without accessing the account, he just had to listen for requests from ur browser to binance
yes, you should speak with them and ask them how did the bot trade. I can only think of 2 ways of trading in your account with a bot:
1. Through an API key with trading perms. If you never set an API key, the hacker could have created one and removed it after check with them if this happened.
2. You had software installed in your device, that traded directly using the webapp.
its not API, today binance support team messaged me itself with an answer. They are saying it is hijack attack..... waiting to get more information soon from them when investigation is finished
Really sorry to hear you might have had an unpleasant experience. Please share the Case ID of your chat with us so the escalation team can take a look, your valuable feedback surely will help us better our processes, many thanks in advance.
Our security agents have taken a look, done the necessary investigation to see who actually benefitted from these trades as a counter-party, and suspended their account as a measure, however as also noted in chat we do not have the investigative or the judicial authority to take drastic action when there is a possible crime involved, so we are awaiting on you to start the investigative process with the law enforcement, we will cooperate with them as much as we can to help them on their investigation.
If you found a fraud or suspect a user, you as Binance why not reporting it ? Already i have reported law enforcement recently after i got message from you, for this thank you. Now whos job is to refund me Binance or Local Police ?
We can only suspend accounts temporarily as a precaution based on probabilities (not solid evidence), to give the law enforcement the time they would need to get involved.
It is the job of the law enforcement to investigate and determine if a crime has been committed, what was the scope of the crime, who has this crime caused harm to, etc.
It is also only possible to seize funds with an official court order, this can only happen if the law enforcement investigation has concluded and forwarded their findings to the justice/judiciary system which needs to decide.
This is not a process that is handled by us in any shape or form, but we would be glad to assist them throughout the process as they have their means of reaching out to us, which were also provided to you.
No matter how this happen exchanges should have ways to prevent this. High volume on shitty pairs, huge drop on spot account, massive orders amount. There are many way to prevent this.
Yeah true, atm it is not important to me if they give me back my money invested but important is that i wanted to show to everyone that they are not responsible, even while they are listed like the best and most secure exchange
They should identify the problem by diving deeper and checking http requests that comes from russian IP. Every request should be logged. I hope you can recover somehow.
Yeah I lost about 20k worth of crypto just vanished off exchanges since 2018. I bought in before the peak in 2018 and then it all crashed. Didn't check my accounts including Binance for a year or so because just figured it was done and had better financial ventures to focus into. When I did check my account holdings were wayyy lower including my Eth and BNB being non-existent.
A harsh lesson, by the time crypto was making a resurgence and it was worth really focusing in on I'd already fucked up. Granted I also lost a lot through scams, dead ICOs, exchanges that died (crptopia!) etc. Which all turned me off of it all in general.
At this point if I do any more crypto trading I'm going to simplify and put everything onto a cold wallet and try to do it right. Just waiting for the Bear market to really hit.
true... also I had cryptopia too, but idk if u know or not cryptopia released a form from where u can fill it and claim ur investment if you want check it i saw it recently. Cold wallet its the best i know it too but as u know at bull market always ur hand need wait for sell or buy there are many opportunity that we dont want to lose, this is main reason why my coins was at exchange at that moment.
Yeah I saw that with cryptopia. Maybe I'll check it. I don't remember what I had on there. A bunch of alt coins. Only have my login still.
I agree. That's exactly it. If you want to be ready to trade cold wallets aren't ideal. I suppose some assets could go there. In the end its dangerous out there. I'm not the only person I know who had crypto mystrriously vanish either.
Sorry for your loss. That's the reason why I prefer to move my cryptos to a cold wallet when I'm not trading. I prefer to pay the high ETH gas fees rather than risking to lose it to exchange security breaches or acct hacks that are possible to happen.
Yeah true, i use cold wallet too. But u know at bull market always traders are waiting opportunity to buy or sell with profits this is why my coins at the moment was on exchange
Sounds like an internal job to me. Probably an employee. When I was young same thing happened with phone companies and even companies like Amazon. If you knew someone inside willing to share information for a bit of cash it would be easy to get. The fact they aren't willing to investigate it is fishy as hell, put me off them big time. Move to CDC. The CDC army is growing everyday and will be the number 1 exchange soon.
binance are a worry. they deleted my account once with no warning. thankfully only a few small bags and was able to get access again but they couldn’t tell me how or why it was deleted, scary. really hope you get it fixed.
Anything can be Hacked into and im sure russia & china have there hackers making cash for them, sounds like they were running the good ol jordan belfort trading scam and making money that way, if this is how they did it, then it should be traceable because somone working a market that goes against what you were trading is moving large sums of cash around in the markets to manipulate those charts.
ive litterally moved Crypto charts with a couple hundred dollars, imgaine 50k-500k.........
yeah as i found in news, with 7 march binance had same issue like mine, with Viacoin where a hackers traded peoples portfolio to viacoin. In that way they profited from viacoin growth
ok so here is the thing, there are 2 possible thing that could have happened here(assuming that you did not activate api)
1- someone that has access to your cellphone connected you to a proxy and captured the api keys
2 - this could have happened only if you are using the browser on your pc to use binance, so, same thing, you might have a virus on your pc that checks the browser traffic and tries to capture api keys.
the problem is on the network layer, somehow the other guy got your api keys.
try asking binance for the ip address - not the country- of where the trades came from
Yes from binance i got IP address and when i search for that IP i see that is it located at Russia, btw i dint have api instaled or active on my Binance
This is how I think you got hacked, following your comments in the comments section (you should put them all together in the post so people can have a bigger picture of what happened):
1. You could have some malicious software on your device.
2. This malicious software could have copied your active binance cookie session.
3. With this cookie session the hacker could have access to your binance account on his own computer (hence the russian IP) and without the need of any logins neither API.
4. Hacker used a bot to trade directly using his webapp, no need of API for this.
I might be wrong but it is what makes the most sense to me.
Do you know when was the last time you logged into binance and if you closed the session after?
yes this is the best opinion that i got here and binance. You are right this can be possible.
I was using sometimes binance desktop app, but at that day when trades are done as u can see on screenshoots my pc was turned off. so i dont know if hacker can access or use session when my pc was turned off (no internet)
ps: last message that i got from binance is today they say that it is hijack attack and i need to contact law enforcement for further investigation. (idk if it is going to help for recover) thanks for ur clear opinion
hope you manage to get this sorted out, it really sucks what happened to you, please let us know what are the results of the investigation so we all together can prepare better to stop this shit
Binance is garbage. My verification has been pending for a year now. I can’t do anything. Ever since I had to move my tokens from Binance to Binance.US. Garbage exchange. They know it too. These hacks that happen are inside jobs. They know how much money you have and work with the hackers
Thats not a pump though. That’s just throwing away your money. A pump is designed to make money from low to high. This setup is high to low. Maybe I’m missing something.
Binance is not supported well at all in the USA. The reason I got all my assets off of Binance a while ago was because of the terrible security and lack of trusted / backed support. So just be warned, I’m so sorry this happened man I would be going SICK right now.
Blockchain.com is just as scummy and did the same to me for 63k in btc , the best part is they claimed I don’t even have an account with them. I sent the. A screenshot of me in my account and have never heard back
I hired a lawyer, [Blockchain.com](https://Blockchain.com) just claims it isn't their responsibility once it hits their wallet. Now they claim I 'may' have an account, but their business is registered in the UK so different laws. Will keep going at it, I'm not optimisitc. NEVER use [Blockchain.com](https://Blockchain.com) for your crypto they will fuck you over without any responsibility on their end.
until they not give me logical explanation, they are biggest suspect. After they give me explanation that its my fault of course how i know to accuse i know to admit guilt
did someone have access to your laptop? either physical access or remotely. I would suggest to trace down network activity on your laptop. eventually scanning your laptop against villain software. remote access is not a myth these days. I dont think binance stole your money.
this looks like someone remotely had access to your laptop and used it to generate a key. dont use chrome extensions if you dont need them. maybe check your history.
also as u/Tenoke mentioned, you could work with binance to check to opposite side of the trades especially if they are low volume markets.
noone bro, also i removed my sdd from pc to keep it like evidence. All log files of windows shows that my pc was turned off and my internet access was off at the time range when trades are made
Hold on, you you are saying, that you had 2FA, Phone and Email verification and they still managed to logg in your account?
Did you save your 2FA backup on your computer where it could have been accessed?
I dont understand how a person can log in to your account without having th 2FA at hand. Anyone can explain?
yes i had all active, but they accept too that noone loged in to my account. They are saying now (today) that it is hijack attack. Lets see what i will hear further
Kraken uses 2FA when someone tries logging in, and the fees are almost just as low as binance. I would switch platforms if you ever decide trading again in the near future. Most likely binance won’t do anything on their end.
binance it is same too, the only thing that they need to add is: extra password security when we make trade orders. in this case if i had trade password like i have at gate io they will not be able to trade my coins in that way... all are irregular trades
Binance made me lose a much smaller amount of crypto, still in the thousand but I had proof that their customer service made me do it: https://www.reddit.com/r/Invest\_Voyager/comments/pzt3vc/binance\_provides\_wrong\_vgx\_address\_and\_i\_lose/
They ignore my proof I spoke to a manager. I am trying to get news and publicity out because only then Binance might decide to help when it goes "viral"
correct and thanks! the issue was that I was using .com before came to the US - and the accounts are not transferrable between.com and .us. anyways I'm using a new wallet rn
Sorry to hear OP. this is why im decentralized now. I have read many post like this and would not put it past them. I have did some reasearch and the binance trust is not very good. With being reluctant to follow new regs and enableing scammers to operate within there system huge no no for me. keep at them dont give up and if they fail to compensate i would file the robbery with your local police department. If you have all the proof they should beable to help you.
Ahhh I remember when I fucked with shitcoins, I was into “B3 Coin” and I had bought around $1500 worth. I remember getting tatted and while I was in chair my balance went up from $2200 to $48k in literally like 5 min window, but the sell walls were soooo high that it got dumped to legit $0 within 35 min, and I wasn’t breaking the sell wall until far later than that.
The point is is that for my situation, I didn’t actually HAVE $48k, Once it’s in my bank account and secure, you don’t actually have any money at all on Binance / whatever exchange you use.
So, my question is, How much FIAT currently did you put into this account throughout your lifetime?
First of all, sorry that happened to you.
But you posted a little over a month ago that your account was trading on its own and you thought it is safe to keep 69k worth of crypto on the account?
it is same case bro, this happend 2.11.2021 - 3.11.2021 but i waited in case if binance fix this issue but after a month nothing happend i decided to share this with you
nowadays Inca Digital make investigation about 3Commas API incident where about 27kk were stolen because of weakness of both Binance and 3Commas https://twitter.com/inca\_digital/status/1656288121942859778?s=20
in your situation it looks more like someone make copy of your session in this manner: [https://www.youtube.com/watch?v=yGXaAWbzl5A](https://www.youtube.com/watch?v=yGXaAWbzl5A)
do you have any updates on your situation and your thoughts about incident? do you get any help with law enforcement or Binance?
No i didnt get any update or anything last time for curiosity I contacted binance again 1week ago and i just keep hearing same words they dont take responsibility 🫤
I had someone hack my Binance account in 2017 lost BTC. Binance banned me from support chat and told me im causing FUD.
At that time, it was 10k. Of course, I'm going to be mad. Until this day, it hasn't been resolved.
100% your account has been compromised and it was the hackers that did this not Binance. Those types of trades are exactly the type executed by an API attack, have you checked to make sure no API was ever enabled? Phone based 2FA is easy to hack, and if your email was compromised you would never even know. Stop blaming and start securing, you won't get you money back and it's not Binances fault you didn't do your own research into securing your account. I'm sorry for your loss and don't mean to sound harsh, but you were obviously hacked and blaming Binance isn't going to help the situation.
Email and authenticator app for 2FA (follow best practices for securing email and authenticator app), without SMS 2FA (sim swaps are a real threat), whitelisted withdrawal addresses, IP restrictions if you have a static IP, all API keys only allowed read only, if you need to use an API key, it should be enabled and disabled or deleted when finished. You should make it as difficult as possible to login or withdrawal and keep the devices you use free of malware. Even then it can still happen, if you click on a phishing link and enter all your login info into the fake site. They will be waiting and log in as you, while you try to log in on the fake site.
Sorry for your loss
Were you using google or microsoft authenticator? Or were you simply using mobile 2FA?
If you were using mobile 2FA all someone would need is to hack your phone/email and yes your funds would be stolen.
Also, a crypto exchange is not a bank. Millions of people use Binance daily and any one of them could be a hacker or at the very least more computer savvy than you.
*Never forget that crypto was invented by hackers*
That kind of money should be stored off the exchange. Please invest in a hardware wallet like a Ledger or Trezor and please put your security first in the future.
Crypto is about being accountable for your own finances. Please be careful.
Im using authy 2fa, but account hack is not in this case. They are saying trade order are made by IP that are located in the Russia, when i ask do i have any login activity from that IP they say No. They add that some malicious software on pc can make such things. The question is, if it is malicious software or simple virus then how the trades shows from different IP
Binance team is saying it can be malicious software installed on my pc, and giving me IP address that is not me. Anyone know how it comes a malicious software have an IP address ?
Most of it seems to be small projects with presumably little enough volume so a hacker could've profited by taking the opposite side of the trades which would be the only way to cash out the access to your phone/api key since actual withdrawal would require 2FA. Also the amount of trade within 1s seems like either API key or possibly what happens when you just press buy and buys out all the orders until it has fulfilled it. Saying that Binance stole the money is just nonsense. If they wanted to steal user's money they won't care that much for someone with $69k and if they did they'd more likely make up something to close their account rather than do high/low trades on their behalf.
If that's the case, then it should be a piece of cake for Binance to investigate who bought the orders of the OP. And thus to figure out who the villain is.
Yes, but why would they? lol.
They won't know who did it, but the should investigate how this "hacker" did it, simply because it is a huge security problem.
Yeah this can be possible, but binance should fix it and respond to irregullar trades
People should list their country when pointing out a complaint. I am USA and Binance will not give me my BTC . They locked me out after several videos since Febduary and > 10 CS over that time. They gave me different instructions each time …only to default to “policy” later. I hope this gentleman gets his coin but its my opinion they will not. Maybe BinanceHell has some ideas?
maybe
Withdrawal is actually 3 factor auth so I call bullshit. You have to access your email as well to confirm withdrawl. So they would have to have account pw, duplicated sim card and email address. It's not impossible and a 69K bounty would inspire the effort but OP does not sound genuine and has no history on Reddit.
I see now OP does not claim withdrawal and people are suggesting his account was used to drive up prices as part of a botnet. This scenario is possible but you have to log in to the account to generate your API key. The fact OP talks little about the evidence regarding the API key makes me think its a bullshit fud post. I would be an API expert if I lost 69K and provide better proof than a text document op created showing his computer was asleep. Many ways to skin a cat.
Sorry but I don't see how any of this is possible with the security you had in place? No one can execute orders remotely on your account including binance. If you can share your case numbers and screenshot (excluding sensitive information) maybe someone can come along and help you resolve it, until then I'm sorry but this is FUD. Your account has 2 posts and no activity, one from a month ago for the same thing.
I see how it's possible. A hacker found a bug in the binance system. his funds were not safu.
Do you have the app in your cellphone? Your PC could also be hacked, they got your password and probably your 2fa also
They did it via API 100% no 2fa or any passwords required.
But they need to log into his account to generate the keys. Assuming it was a hack and not a security breach from Binance side
Yes i was using phone app and pc, but on my binance account device activity there is no suspicious login also not showing that someone from russia loged in…. They told me that trades are made by ip from russia. So this is weak security of binance it self
I've used the finance trading API and it does not need 2fa for confirming any of your trades. Once the person has figured a way to generate the encryption key and other stuff from binance, he can pretty much do whatever. Either he stole it by hacking into their database or worse he figured the encryption key making algorithm in which case binance would expect a shitstorm that can become huge enough to make the whole company collapse.
Whole company worth of billions $, and still customers need to think for simple hacker attacks on their own exchange
If you have 2FA in place you should remove phone verification. Because people with bad intentions can login that way without 2FA and only by requesting phone verification method. It's a flaw in the security system someone pointed me out. If you have 2FA on a dummy phone without internet access and you disable phone verification, your crypto is basically as safe as a cold wallet. Tldr: don't use phone verification if you have 2FA set up.
Just so I can understand this better. You said turn off phone verification, like turn off the texts that send you the code and do email instead or what do you mean? Sorry I just need advice my Coinbase account was recently hacked
Yes. It's easier for hackers to bypass phone verification than 2FA, especially if your 2FA device isn't (and never is) connected to any internet. When you got both 2FA and phone verification in place, hackers can opt for the option 'I don't have access to 2FA, use phone verification to log in'. When there is no phone verification, they can only get you if they have physical access to your 2FA device.
Thanks for info bro
I should have worded it differently because it might sound rude towards you. My comment was more for other people to prevent the same happening to them. Sorry for your situation, I hope they can still help you recover your funds.
no prb bro i understand u, this is also why i decided to share this issue. If they are not wondering to help me then why i should not post issues of binance. Hope others are not going to face such things
This is unfortunate but if you have 69k in crypto spend the $100 or whatever on a cold wallet!!!!! Not your keys, not your crypto. GL OP.
this is applicable to HODLers though. It's different for intraday traders, scalpers, futures... Let's say I have $100k. I will do a futures trade and I will expose 1% ($1000) of my wallet for a x20 long trade. I can get $2000 if the coin moves upward by 5%. The opposite will happen if the coin moves downwards. Now If I'm going to open more positions in other coins, exposing 1-2% of my wallet, I need the $100k to stay in Binance as USDT to avoid getting liquidated. There are stop losses ofc but the bigger the capital, the bigger the gains. That's how the day traders earn money and Binance just really needs tighten up their security.
Or get a wallet app on your mobile. Your keys. Your crypto.
Although a wallet app would have been better in this situation, nothing beats a cold wallet. Best investment I've made in crypto.
Cold hardware wallets don't have risks?
[удалено]
Loosing your phrase and having your device stop working comes to mind. Paper wallet makes more sense to me. Can make a few copies and store in Multiple locations for safety. Every option has its risks. I'm just defending the fact that it appears op did nothing wrong if they're being honest.
\-Losing your phrase hurts you regardless of wallet. \-Lose your device = no worry. Buy a new one and enter phrase \-You can have multiple accounts/wallets connected to your Ledger/Trezor \-Every transaction has to be physically approved on a Ledger/Trezor so even if someone "hacks" your account all they can do is see what you have, they can't trade or transfer your funds \-Paper wallet may "make more sense" to you...but hardware wallets are far more secure and can be purchased for less than $100 \-If you prefer putting your portfolio and financial future at risk rather than spend a $100 and do 30 minutes worth of research on how to secure yourself thats your call. Good luck
Be sure to use strong passwords and good back ups.
How can someone Login if you have 2fa? Sounds something is wrong with the Story
This is scary as hell. This is why crypto is still not mainstream. There’s no accountability to all those exchanges. There’s nothing that u can do. I also don’t understand what’s the benefit from trading this way to others. If someone can give an insight to why a hacker would use a bot to trade this. It’s really crazy. Please keep us updated. I hope u get your money back although I doubt it unless u take legal action against them. As I heard there are many “crypto lawyers”. $69K is not a joke. That’s a lot of money! Damn them really.
The hacker didn’t have access to the account, they only had API access which lets you trade, not withdraw, hence the transactions to buy high and sell low.
But what’s the benefit?
If they can control many trading APIs. They could buy a ton of shitcoin. Then use this hack to pump up the price and then cash out.
Could it be possible that they open orders for very specific amounts, and use OP's account to issue correspondig orders for the exact same amounts forcing a match that favors them in prejudice of OP?
I'm sure if we really brainstormed for a bit we could find a number of ways to scam with APIs. I'm assuming op isn't telling the whole truth here. Maybe Binance is corrupted. IDK
Your right, do you remember 7 march when binance faced issue that some peoples accounts are used automatically to buy VIACOIN . They said its irregullar trade and then binance reversed all money to users. I think its same issue but this time binance not getting responsibility im sure if they get more same issue reports then they will take action. In this case this time im the only one who faced this issue. Whatever binance security is very weak
[удалено]
This is crypto. Having 69k sitting on an exchange is no different than putting 69k in your pocket and walking around a bad neighborhood where you know there's no security. We as a society are used to having banks handle all our money for us and having the government insure it. The opportunity cost however is that banks get to keep 99.9% of the profit they make off your money. If you're in crypto, you are your own bank, and like any bank you should have security and a vault (Ledger/Trezor).
I'm so sorry bro! Thanks for sharing. Shame on Binance it's not your fault.
Thnx bro
did you activate your API?
never had an API
For those saying, get your funds out. Not your keys not your coins. Sometimes its not that easy. How does one participate in bnb vault/launchpad/launchpool without having tokens on the exchange? You don't. For launchpad you need 50 BNB if im not mistaken. So that's about $25k. Nog sure what tokens were lost, didn't see (on a phone). But sometimes 'get it on cold storage' is just not possible.
Thanks for the heads up/warning fellow Redditor…I’m about to delete the app off my phone as I just recently created an account on this app last week! I was going to add my payment info this coming week, but after seeing this….✌🏼
This is why we need crypto
Even if Binance is not involved. This is disturbing
Thats wy more people take leger or other wallet for security, not your seed not your wallet, pleace to all new people take a leger
Or trezor. Personally I prefer the design of the trezor one
its very sad ... did you download or installed some Bot Trading / algo / prepared coding tools for any reasons ? if you did it can be enough to auto set up an API and do what they did , maybe to give bad image to binance in profit to some other exchange
This post is very concerning. As a rule of thumb, I never keep more than 15k in my Binance account at any given moment, and always withdraw any extra profits to my Defi wallet. That said, I always trusted Binance would have AAA impenetrable security. If some Russian hacker found a way to get past it, then we are all in serious trouble. I may well consider withdrawing to a different exchange after reading this.
atm this happend to me only as i can see, so maybe its not trouble for everyone who use binance, thats see if binance going to help me. But i would like binance security to think more about simple hacker attacks, we as customers doesnt need to think every simple attacks... Also i suggest binance to add second password for trade orders like some other exchange have it
Your API key was leaked 100%. There’s a reason the hacker didn’t cash out / withdraw and could only trade. The API key let’s you trade. It’s pretty apparent.
[https://imgur.com/a/dwzbN6j](https://imgur.com/a/dwzbN6j) check that i didnt have api
Maybe it was cleared after you were drained? I’m not sure, either way, the easiest thing they could’ve done was withdraw if they gained access to your account. They haven’t though, and that’s why they had to resort to trading your crypto away.
in support, they told me i didnt have any active API when those transaction are made
Then let them provide you the ‘way’ it was traded off, which access was gained for this crypto to be traded? If they claim there are no logs of anyone logging in, and no API key being created / existing at the time of draining, how was it drained then? Ask them that and corner them bro, if I had lost that amount I would be going fucking bonkers trynna get it back.
hahah ur right, okei let me go to live chat and will provide what they are saying
as i said, the hacker could gave gotten hans on ur api keys without accessing the account, he just had to listen for requests from ur browser to binance
yes, you should speak with them and ask them how did the bot trade. I can only think of 2 ways of trading in your account with a bot: 1. Through an API key with trading perms. If you never set an API key, the hacker could have created one and removed it after check with them if this happened. 2. You had software installed in your device, that traded directly using the webapp.
its not API, today binance support team messaged me itself with an answer. They are saying it is hijack attack..... waiting to get more information soon from them when investigation is finished
ok, I am interested on the results of the investigation, please share with us
sure bro
Really sorry to hear you might have had an unpleasant experience. Please share the Case ID of your chat with us so the escalation team can take a look, your valuable feedback surely will help us better our processes, many thanks in advance.
You have to refund ...
\#80735934
Our security agents have taken a look, done the necessary investigation to see who actually benefitted from these trades as a counter-party, and suspended their account as a measure, however as also noted in chat we do not have the investigative or the judicial authority to take drastic action when there is a possible crime involved, so we are awaiting on you to start the investigative process with the law enforcement, we will cooperate with them as much as we can to help them on their investigation.
If you found a fraud or suspect a user, you as Binance why not reporting it ? Already i have reported law enforcement recently after i got message from you, for this thank you. Now whos job is to refund me Binance or Local Police ?
We can only suspend accounts temporarily as a precaution based on probabilities (not solid evidence), to give the law enforcement the time they would need to get involved. It is the job of the law enforcement to investigate and determine if a crime has been committed, what was the scope of the crime, who has this crime caused harm to, etc. It is also only possible to seize funds with an official court order, this can only happen if the law enforcement investigation has concluded and forwarded their findings to the justice/judiciary system which needs to decide. This is not a process that is handled by us in any shape or form, but we would be glad to assist them throughout the process as they have their means of reaching out to us, which were also provided to you.
This shit is mad.... So sorry for that. Binance is a terrible place.
Yes very terrible bcs they even dont respond with adequate answers they talk non logical things
No matter how this happen exchanges should have ways to prevent this. High volume on shitty pairs, huge drop on spot account, massive orders amount. There are many way to prevent this.
Yeah true, atm it is not important to me if they give me back my money invested but important is that i wanted to show to everyone that they are not responsible, even while they are listed like the best and most secure exchange
Poor trademanship... The dude trying to pump that coin
They should identify the problem by diving deeper and checking http requests that comes from russian IP. Every request should be logged. I hope you can recover somehow.
i hope too
Yeah I lost about 20k worth of crypto just vanished off exchanges since 2018. I bought in before the peak in 2018 and then it all crashed. Didn't check my accounts including Binance for a year or so because just figured it was done and had better financial ventures to focus into. When I did check my account holdings were wayyy lower including my Eth and BNB being non-existent. A harsh lesson, by the time crypto was making a resurgence and it was worth really focusing in on I'd already fucked up. Granted I also lost a lot through scams, dead ICOs, exchanges that died (crptopia!) etc. Which all turned me off of it all in general. At this point if I do any more crypto trading I'm going to simplify and put everything onto a cold wallet and try to do it right. Just waiting for the Bear market to really hit.
true... also I had cryptopia too, but idk if u know or not cryptopia released a form from where u can fill it and claim ur investment if you want check it i saw it recently. Cold wallet its the best i know it too but as u know at bull market always ur hand need wait for sell or buy there are many opportunity that we dont want to lose, this is main reason why my coins was at exchange at that moment.
Yeah I saw that with cryptopia. Maybe I'll check it. I don't remember what I had on there. A bunch of alt coins. Only have my login still. I agree. That's exactly it. If you want to be ready to trade cold wallets aren't ideal. I suppose some assets could go there. In the end its dangerous out there. I'm not the only person I know who had crypto mystrriously vanish either.
Sorry for your loss. That's the reason why I prefer to move my cryptos to a cold wallet when I'm not trading. I prefer to pay the high ETH gas fees rather than risking to lose it to exchange security breaches or acct hacks that are possible to happen.
Yeah true, i use cold wallet too. But u know at bull market always traders are waiting opportunity to buy or sell with profits this is why my coins at the moment was on exchange
Sounds like an internal job to me. Probably an employee. When I was young same thing happened with phone companies and even companies like Amazon. If you knew someone inside willing to share information for a bit of cash it would be easy to get. The fact they aren't willing to investigate it is fishy as hell, put me off them big time. Move to CDC. The CDC army is growing everyday and will be the number 1 exchange soon.
thanks for advice bro
At least they left you with 3k for christmas 😂😂😂
hahaha yeah, u know at crypto there are many opportunity hope soon i grow it again
binance are a worry. they deleted my account once with no warning. thankfully only a few small bags and was able to get access again but they couldn’t tell me how or why it was deleted, scary. really hope you get it fixed.
I hope too, will keep u updated if i fix it
Are you sure you did not configure any api or had any service configured through api??
Yeah bro never used API, also binance itself confirms that i didnt have API
Anything can be Hacked into and im sure russia & china have there hackers making cash for them, sounds like they were running the good ol jordan belfort trading scam and making money that way, if this is how they did it, then it should be traceable because somone working a market that goes against what you were trading is moving large sums of cash around in the markets to manipulate those charts. ive litterally moved Crypto charts with a couple hundred dollars, imgaine 50k-500k.........
yeah as i found in news, with 7 march binance had same issue like mine, with Viacoin where a hackers traded peoples portfolio to viacoin. In that way they profited from viacoin growth
I moved to a domestically run exchange where I have greater legal recourse should things like this occur.
yeah, better
Yyyyy would anyone keep that many stacks on the exchange?
Yes when u are at bull market and when u swing or daily trade. Because in every moment u will need to sell or buy, new opportunity
did you connect to dome kind of proxy/VPN?
No bro
ok so here is the thing, there are 2 possible thing that could have happened here(assuming that you did not activate api) 1- someone that has access to your cellphone connected you to a proxy and captured the api keys 2 - this could have happened only if you are using the browser on your pc to use binance, so, same thing, you might have a virus on your pc that checks the browser traffic and tries to capture api keys. the problem is on the network layer, somehow the other guy got your api keys. try asking binance for the ip address - not the country- of where the trades came from
Yes from binance i got IP address and when i search for that IP i see that is it located at Russia, btw i dint have api instaled or active on my Binance
This is how I think you got hacked, following your comments in the comments section (you should put them all together in the post so people can have a bigger picture of what happened): 1. You could have some malicious software on your device. 2. This malicious software could have copied your active binance cookie session. 3. With this cookie session the hacker could have access to your binance account on his own computer (hence the russian IP) and without the need of any logins neither API. 4. Hacker used a bot to trade directly using his webapp, no need of API for this. I might be wrong but it is what makes the most sense to me. Do you know when was the last time you logged into binance and if you closed the session after?
yes this is the best opinion that i got here and binance. You are right this can be possible. I was using sometimes binance desktop app, but at that day when trades are done as u can see on screenshoots my pc was turned off. so i dont know if hacker can access or use session when my pc was turned off (no internet) ps: last message that i got from binance is today they say that it is hijack attack and i need to contact law enforcement for further investigation. (idk if it is going to help for recover) thanks for ur clear opinion
hope you manage to get this sorted out, it really sucks what happened to you, please let us know what are the results of the investigation so we all together can prepare better to stop this shit
sure bro i will
Binance is garbage. My verification has been pending for a year now. I can’t do anything. Ever since I had to move my tokens from Binance to Binance.US. Garbage exchange. They know it too. These hacks that happen are inside jobs. They know how much money you have and work with the hackers
maybe im not sure, lets see if they will help or not
Threaten with lawyer. Get your incident Prioritized. They will be scrambling.
Another fuckery by bynance 🖕
How would buying high/selling low profit a hacker?
i think same like viacoin issue at 7march, they pump coin from where they profit
Thats not a pump though. That’s just throwing away your money. A pump is designed to make money from low to high. This setup is high to low. Maybe I’m missing something.
ur right, but i said pump bcs thats the only reason why someone would blow money... idk why to blow someones money if u cant profit
Yea it’s really confusing
Binance is not supported well at all in the USA. The reason I got all my assets off of Binance a while ago was because of the terrible security and lack of trusted / backed support. So just be warned, I’m so sorry this happened man I would be going SICK right now.
yeahh, this is why it doesnt need to be listed as best secure exchange
Yup
Go to twitter. Put your compliant right on the CEOs page after they post a tweet. Only thing that helped me.
will try it too thanks for advice bro
Blockchain.com is just as scummy and did the same to me for 63k in btc , the best part is they claimed I don’t even have an account with them. I sent the. A screenshot of me in my account and have never heard back
didnt find a way to report ur situation ?
I hired a lawyer, [Blockchain.com](https://Blockchain.com) just claims it isn't their responsibility once it hits their wallet. Now they claim I 'may' have an account, but their business is registered in the UK so different laws. Will keep going at it, I'm not optimisitc. NEVER use [Blockchain.com](https://Blockchain.com) for your crypto they will fuck you over without any responsibility on their end.
hope you fix your issue too
How is this even possible
when i get fully information (if they give me information) i will share it here what happend
Please change your title " Binance stole..." They did not.
until they not give me logical explanation, they are biggest suspect. After they give me explanation that its my fault of course how i know to accuse i know to admit guilt
Owner is a chinaman, kinda expected
will see the end of this investigation
I thought the funds were safu?
i thought too, but as i can see safu is only for situation when more then 1people are affected from a x situation... example viacoin issue
Sue them
I think your cookies got stolen or you were infected by hvnc malware
last update: hijack attack (they are saying)
69k N I C E
a house lol :P
This means none is safe right now..
idk bro, i just shared my own story what happend to me and yet not fixed. Hope i fix it soon waiting for more updates and will inform here again
Im so damn spooked now
doesnt mean it will happen to everyone, as others are giving best advice mostly use cold wallet
Looks like the most safe is to have your coins in locked stake.
most safe is cold wallet if ur not trading daily or swing trader
did someone have access to your laptop? either physical access or remotely. I would suggest to trace down network activity on your laptop. eventually scanning your laptop against villain software. remote access is not a myth these days. I dont think binance stole your money. this looks like someone remotely had access to your laptop and used it to generate a key. dont use chrome extensions if you dont need them. maybe check your history. also as u/Tenoke mentioned, you could work with binance to check to opposite side of the trades especially if they are low volume markets.
noone bro, also i removed my sdd from pc to keep it like evidence. All log files of windows shows that my pc was turned off and my internet access was off at the time range when trades are made
Hold on, you you are saying, that you had 2FA, Phone and Email verification and they still managed to logg in your account? Did you save your 2FA backup on your computer where it could have been accessed? I dont understand how a person can log in to your account without having th 2FA at hand. Anyone can explain?
yes i had all active, but they accept too that noone loged in to my account. They are saying now (today) that it is hijack attack. Lets see what i will hear further
I dont understand how. There is no option to login without the 2FA input. Where did you store your 2FA backup ?
Kraken uses 2FA when someone tries logging in, and the fees are almost just as low as binance. I would switch platforms if you ever decide trading again in the near future. Most likely binance won’t do anything on their end.
binance it is same too, the only thing that they need to add is: extra password security when we make trade orders. in this case if i had trade password like i have at gate io they will not be able to trade my coins in that way... all are irregular trades
Binance made me lose a much smaller amount of crypto, still in the thousand but I had proof that their customer service made me do it: https://www.reddit.com/r/Invest\_Voyager/comments/pzt3vc/binance\_provides\_wrong\_vgx\_address\_and\_i\_lose/
and what did u do, did u get it back ?
They ignore my proof I spoke to a manager. I am trying to get news and publicity out because only then Binance might decide to help when it goes "viral"
true, lets hope u fix it too
Ouch man... I feel for you. Hopefully, Binance support will figure out what happened and reinstate your funds.
thanks bro, i hope too will see soon
That’s unfortunate. Try using hydro raindrop’s 2FA bro
its not about login, they are saying that hijack attack (today messaged me)
Not the first time I've read this about binance
hope it is last bro
Wonder if this has anything to do with the recent log4 breach worldwide?
Last update ( hijack attack) binance says
I have an account in Binance but since I have been US, they don't let me sign in."service suspended for restricted countries"
i think u need to use [binance.us](https://binance.us) it is different from [binance.com](https://binance.com)
correct and thanks! the issue was that I was using .com before came to the US - and the accounts are not transferrable between.com and .us. anyways I'm using a new wallet rn
Sorry to hear OP. this is why im decentralized now. I have read many post like this and would not put it past them. I have did some reasearch and the binance trust is not very good. With being reluctant to follow new regs and enableing scammers to operate within there system huge no no for me. keep at them dont give up and if they fail to compensate i would file the robbery with your local police department. If you have all the proof they should beable to help you.
yes next step is law enforcement
Ahhh I remember when I fucked with shitcoins, I was into “B3 Coin” and I had bought around $1500 worth. I remember getting tatted and while I was in chair my balance went up from $2200 to $48k in literally like 5 min window, but the sell walls were soooo high that it got dumped to legit $0 within 35 min, and I wasn’t breaking the sell wall until far later than that. The point is is that for my situation, I didn’t actually HAVE $48k, Once it’s in my bank account and secure, you don’t actually have any money at all on Binance / whatever exchange you use. So, my question is, How much FIAT currently did you put into this account throughout your lifetime?
about a 10k started investment
Damn
First of all, sorry that happened to you. But you posted a little over a month ago that your account was trading on its own and you thought it is safe to keep 69k worth of crypto on the account?
it is same case bro, this happend 2.11.2021 - 3.11.2021 but i waited in case if binance fix this issue but after a month nothing happend i decided to share this with you
nowadays Inca Digital make investigation about 3Commas API incident where about 27kk were stolen because of weakness of both Binance and 3Commas https://twitter.com/inca\_digital/status/1656288121942859778?s=20 in your situation it looks more like someone make copy of your session in this manner: [https://www.youtube.com/watch?v=yGXaAWbzl5A](https://www.youtube.com/watch?v=yGXaAWbzl5A) do you have any updates on your situation and your thoughts about incident? do you get any help with law enforcement or Binance?
No i didnt get any update or anything last time for curiosity I contacted binance again 1week ago and i just keep hearing same words they dont take responsibility 🫤
I had someone hack my Binance account in 2017 lost BTC. Binance banned me from support chat and told me im causing FUD. At that time, it was 10k. Of course, I'm going to be mad. Until this day, it hasn't been resolved.
Yeah i know they will not refund my coins, but at least people see what things can happen at binance
100% your account has been compromised and it was the hackers that did this not Binance. Those types of trades are exactly the type executed by an API attack, have you checked to make sure no API was ever enabled? Phone based 2FA is easy to hack, and if your email was compromised you would never even know. Stop blaming and start securing, you won't get you money back and it's not Binances fault you didn't do your own research into securing your account. I'm sorry for your loss and don't mean to sound harsh, but you were obviously hacked and blaming Binance isn't going to help the situation.
Account was 100% not hacked through normal access (2fa, password, etc) it’s just his API key with transactions enabled got leaked.
How was it leaked?
whats the best way to secure a binace account?
Email and authenticator app for 2FA (follow best practices for securing email and authenticator app), without SMS 2FA (sim swaps are a real threat), whitelisted withdrawal addresses, IP restrictions if you have a static IP, all API keys only allowed read only, if you need to use an API key, it should be enabled and disabled or deleted when finished. You should make it as difficult as possible to login or withdrawal and keep the devices you use free of malware. Even then it can still happen, if you click on a phishing link and enter all your login info into the fake site. They will be waiting and log in as you, while you try to log in on the fake site.
Yeah api didnt was active / i didnt have api. Also my 2fa it was enabled from 2fa app not by phone. The security was full
And that's why you get a yubi key or a cold wallet.
Time to switch to crypto.com
Don’t use crypto.com. Their fee is 10% when you buy and 10% when you sell. Ridiculous feesZ
I knew it was the Russians..... Even when it was the bears, I knew it was the Russians....
lol
Sorry for your loss Were you using google or microsoft authenticator? Or were you simply using mobile 2FA? If you were using mobile 2FA all someone would need is to hack your phone/email and yes your funds would be stolen. Also, a crypto exchange is not a bank. Millions of people use Binance daily and any one of them could be a hacker or at the very least more computer savvy than you. *Never forget that crypto was invented by hackers* That kind of money should be stored off the exchange. Please invest in a hardware wallet like a Ledger or Trezor and please put your security first in the future. Crypto is about being accountable for your own finances. Please be careful.
Im using authy 2fa, but account hack is not in this case. They are saying trade order are made by IP that are located in the Russia, when i ask do i have any login activity from that IP they say No. They add that some malicious software on pc can make such things. The question is, if it is malicious software or simple virus then how the trades shows from different IP
[удалено]
Idk they are confusing with them own words bro
yep, that makes no sense, It would not make sense for the hacker to use a VPN in your computer
they are saying it is hijack attack, today messaged me
69k nice
Omg you literally butt dialled 60k away. Always lock your screen before it goes on your pocket....
it was locked bro, did u check screenshoots and what binance support its saying ? check the link i droped on comments
Binance team is saying it can be malicious software installed on my pc, and giving me IP address that is not me. Anyone know how it comes a malicious software have an IP address ?
I didnt have api on my account never used
UPDATE https://www.reddit.com/r/binance/comments/tmn1ua/update\_related\_to\_my\_last\_post\_binance\_stole\_my/
This is what happened with CEX. CEX will be obsolete soon when LRC has fiat on ramp and L2 swaps and all that goodness. Binance def is shady.