This was the title of a Reddit thread I saw today. Here’s a screenshot in case the thread ever gets deleted or moved.
Hello, I have been impersonated and sim swapped, they hacked my emails, twitter, facebook, exchanges, literally everything including binance, which they stole 2 btc (daily limit) from today and will steal more if the account isn’t frozen by tomorrow. They logged in and somehow disabled my google authenticator and I cannot get into my account, microsoft is working on giving me the hacked email back that is related to binance but they say it will take 3 days to escalate the ticket. In 3 days the hackers will have already taken my entire balance so I really need the binance account frozen now before they can steal more. Luckily I was able to freeze all other exchanges I had money on but please upvote guys I really need this resolved. Also if someone from Binance sees this I submitted support tickets under an alternate email but don’t think that will do much and it definitely won’t be answered within a day so please help me out 🙁
- When your coins are on an exchange, they don’t belong to you. It doesn’t matter if you’re using GDAX, Binance, or shitty Cryptopia. You don’t hold the private keys to those coins, so they’re simply IOUs.
- If you must keep funds on an exchange for whatever stupid reason, then at least choose a decent one. GDAX seems to be the most trusted one in the industry. If you’re trading altcoins, I guess Binance is the best option.
- The amount you keep on an exchange should be an amount you’re willing to lose at any moment. Sorry, that’s just the reality of crypto until we have more regulation and security standards. If you choose to keep $50,000 on an exchange, don’t feel bad if it’s all gone one day.
- “Withdrawals are so expensive” is a terrible excuse. Binance charges 0.0005 BTC for BTC withdrawals. Spending 0.0005 BTC on security is better than risking $50,000. If withdrawing your crypto at the end of a trading day eats up all your profits, it’s best to go find a 9-5 job.
- Don’t use SMS-based 2FA. Mobile carrier security protocols are notoriously lax, and it’s so easy for someone else to gain access to your phone number. Google Authenticator is a slightly more secure option, but only if you keep your seed key in a safe place and don’t lose your phone.
- Binance handled this very well by locking the account within a reasonable amount of time. I guess this is a situation where the 2 BTC daily withdrawal limit is a good thing. The damage could’ve been a lot worse if the user had been verified and cleared for a 100 BTC limit.