
Sorry.

You are right. 

I'm calling for your attention.

Two users of our community have already lost all their funds this month after being hacked. A third user didn't lose his funds, but the hackers came very close.

I'm writing this article to give you a few ideas on how to better protect your exchange account. You never know.

Tip 1: Enable 2FA using Google Authenticator

This is definitely a must: you cannot use any exchange without 2FA unless you want to lose all your money in days. It takes a few minutes to enable.

When you do, consider writing down the recovery codes on a piece of paper kept somewhere very safe, but write nothing apart from the codes themselves: you don't want the hacker to know that those are recovery codes! Do not store these codes on network storage, a backup drive or a laptop. As soon as someone installs a backdoor tool they can read them and use them. This happened to one of our members, so technically there is a one in 700 chance that it could happen to you too.

Tip 2: Enable SMS 2FA

This is another must for sure. Just keep in mind that hackers call mobile carriers to order a SIM card replacement (SIM swapping), after which they can easily receive your SMS messages. Mobile companies are really dumb and tend to send out these SIM cards on the strength of a phone call with your date of birth and information that is usually available in your postal mail. So even your neighbour, with a bit of patience, can gain access to your SMS and therefore break into your exchange account if they know you have one full of money.

A member of our community didn't lose his funds, but the hackers managed to get a replacement SIM and were trying to break into his bank account for weeks, constantly scanning for opportunities for days on end to get something out.

Tip 3: Keep to yourself that you have an exchange account and money

Don't draw attention. Hackers have millions of people they could hack, but they will certainly focus where they know there's juice. Why spend days trying to hack someone who might not even have 100 dollars versus someone who keeps bragging that they have 1 million?

Tip 4: Enable email 2FA

This comes enabled by default on some exchanges; if not, go and enable it NOW.

Tip 5: Enable address management, GO NOW!

And enable the 24-hour limit too! It is a must.

This extra security measure prevents hackers from adding a new withdrawal address in less than 24 hours. As long as you have access to your email account you will be notified and will be able to approve the new address or block it, which buys you extra time to stop the funds from leaving your accounts.

Tip 6: Do not use your personal email to open an exchange account

If you already did, consider creating a new email account used solely for trading. This new account MUST have all security at maximum: SMS 2FA, Google Authenticator and even a physical key (for example a Titan Security Key). Once you have secured this new account behind all those methods and are confident you won't lock yourself out (regaining access can take days; it's THAT secure), then you can migrate your exchanges to this new email account. Do not EVER show this email address anywhere. Do not use it for any social or personal matters, only for crypto and investment.

Ideally this email account should be logged in on a single device only, so that if someone steals a secondary device they don't start receiving your 2FA email codes without you knowing (this happened to one of our users!!!).

This tip will take you some time to set up, but it's potentially one of the thickest onion layers for hackers to get through.

Tip 7: Use a YubiKey

This is a physical security key recommended by Binance. It generates a one-time password whenever you log into the exchange.

Tip 8: Delete active sessions you don't need

If you go to the active sessions page on Binance it will show you how many active sessions you have. Even though they tend to expire quite quickly, it's always good practice to allow only one, or at most two. If you have more, or you left one open in a public or office space, then go and delete them all right now.

Tip 9: NEVER access the exchange from an email link

Each time you access an exchange in a browser, type the address yourself. DO NOT click links in any email you receive to enter the exchange. If you receive an email, read it and then go and type the address. Don't become a victim of phishing. If you have all the 2FA methods enabled, this will reduce the risk from phishing.
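To show why the rule in Tip 9 matters, here is an added example (mine, not part of the original post) that pulls every link out of a constructed phishing-style email and checks which ones actually point at the exchange's domain. Using `binance.com` as the trusted domain and the sample message itself are assumptions for this example.

```python
"""Check the links in an email against the exchange domain you actually use."""
import re
from urllib.parse import urlsplit

# The exchange domain the account holder really uses (assumption for this
# example; Binance is named on the page, substitute whichever exchange you use).
TRUSTED_DOMAIN = "binance.com"

# Constructed sample email body, not a real message. The visible link text
# always reads as the real exchange while the href points somewhere else,
# which is exactly why "read the mail, then type the address" is the rule.
SAMPLE_EMAIL = """\
Your withdrawal is pending. Review it here:
<a href="https://www.binance.com/en/my/security">https://www.binance.com</a>
<a href="https://binance.com.account-verify.example/login">https://www.binance.com</a>
<a href="https://www.binance.com@login.example/">https://www.binance.com</a>
<a href="https://www.bínance.com/">https://www.binance.com</a>
<a href="http://203.0.113.5/binance">https://www.binance.com</a>
"""

HREF_RE = re.compile(r'href="([^"]+)"')


def registrable_host(url: str) -> str:
    """Return the host a browser would actually connect to, normalised.

    urlsplit discards any user@ prefix, so the "trusted.com@evil" trick is
    handled; IDNA encoding turns lookalike Unicode letters into an xn-- label
    instead of letting them pass for plain ASCII.
    """
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii").lower()


def is_trusted_link(url: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only if the host is the trusted domain itself or a subdomain of it."""
    host = registrable_host(url)
    return host == trusted or host.endswith("." + trusted)


def audit_email(body: str, trusted: str = TRUSTED_DOMAIN) -> list:
    """Pair every href in the body with whether it really points at the exchange."""
    return [(url, is_trusted_link(url, trusted)) for url in HREF_RE.findall(body)]


if __name__ == "__main__":
    for url, ok in audit_email(SAMPLE_EMAIL):
        print("OK     " if ok else "SUSPECT", url)
```

Only the first link passes; the other four are the usual tricks (subdomain of a lookalike, user@ prefix, accented letter, bare IP) that all render as the exchange's name in the mail.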

Tip 10: Do not use the same password everywhere

This must be said. Many people use the same password for every single account. Do not do this. 

A lot can be written about picking a password and how to manage it. Unfortunately, many of us who are older didn't get any digital education at school, and we are all comfortable with the password helloworld123 and with disabling Face ID and Touch ID on our phones. You need to stop and take some measures now.

Tip 11: Look after your secrets

Where are you storing your passwords, secrets, recovery phrases and 2FA recovery codes?

There's literally nowhere 100% safe. 

  • On paper, they can get lost or stolen.
  • On offline storage, the drive can break.
  • On the network, they can get hacked.

Do not put all your secrets in the same place. 

If you must use an online medium, at least use one that's behind many layers of security, like the one from Tip 6: create a super-secure email account used only for trading and then keep some secrets in an online document there.

There's no such thing as 100% safe. But with each layer you add, you reduce the chances of a successful attack considerably.

If hackers have no clue that you have money, they won't bother with the effort of getting through 10 layers; but if they do find out, then your need for properly tough security layers grows exponentially.

I'm sure many will ignore this article, as we are all too busy running backtests and setting up the next bot, but I'd be very glad to hear that at least some of you enabled a few extra layers, so I don't end up hearing about more people having their funds taken overnight.

Comments

Anonymous

I did not ignore... enabled as much as I can.

Anonymous

Hmm, that's not good. Will follow these steps as soon as I can.

Anonymous

This was a good reminder to beef up my security. Thanks Parrot!

Anonymous

Thanks for raising awareness! It's never enough 👍😉

Anonymous

Always important to remember these rules. I certainly get lazy over time. Thank you for the reminder.

Anonymous

Nice one, cheers Mariano

Anonymous

I would also like to add an additional security step that I have implemented. Some may think it might be overkill, but since I use a highly secure password manager [Bitwarden] which makes it super simple to manage thousands of logins, I've decided to create a separate ProtonMail account for EACH exchange. And then for lower-risk websites that still require good security practice, and/or websites that might be prone to hacks/data leaks, I use my main PM email with a +modifier, i.e. mymainemail+youtube@pm.me, mymainemail+twitter@pm.me, mymainemail+patreon@pm.me [also works with Gmail, but not all websites accept +modifiers, though most do]. I feel taking the extra 10-15 minutes to create an extra email account for each highly sensitive financial/crypto/wallet account is well worth the extra few minutes required. Huge peace of mind knowing ALL my most valuable/high-risk accounts are completely isolated and compartmentalized. The only thing I have to worry about is my Bitwarden [password manager] password, and I use a YubiKey [not SMS 2FA] for that for an extra layer on my BW account. HTH