Binance halted all of its trading services for a few hours 2 days ago and asked all its users to reset their API keys after it discovered trading irregularities with SYS coins and huge withdrawals that went through from several accounts. It was assumed that quite a number of accounts were hacked through API keys in this period, but no exact numbers have been posted until now, with some estimating the total at over 7000 BTC.
According to a recent post by a Reddit user called rbllkc, his 2FA-secured Binance account was hacked and the attackers withdrew all his tokens after converting them. He initially doubted Binance’s security because he had never created any API keys and had 2FA activated on his account.
But after contacting Binance’s support team he found out that his email account, which was attached to his Binance account, was the one that had actually been hacked, and that the hacker had got hold of his 2FA backup code, which had been kept in his Dropbox since he first activated 2FA on his account.
Part of his Reddit post read as follows:
“Ok, they just responded, they asked for some information and I sent it. After some messages we found out. We think they hacked my PC and my email password. My 2FA credentials are on Dropbox. I think they found my Dropbox password from Google and found the 2FA credentials.
After that they found the Binance password, thanks to Google. Then boom. They f.cked up my life. Binance can’t do anything because the transactions were successful. But the countries are different, IP addresses are different, trying to sell all tokens and withdraw all my money.
At least they should wait one or two hours. Yes, they have 2FA but I don’t know. I am so unhappy now. I have no solution now. Anyway, thank you all for best wishes and help. Please be careful. Thieves are everywhere. I lost one password and all my money is gone.”
He expressed his concerns over Binance’s security, seeing as all of the withdrawals were made from the IP address of a different country and the exchange processed all of them instantly without conducting any additional verification. Binance replied that nothing could be done as all withdrawals had already been processed.