A Binance account gets hacked - Why the exchange is not always at fault
A series of unpleasant events in the cryptosphere has recently raised questions about the blockchain architecture. A user on Reddit shared that his Binance account, containing $50k, had been hacked.
“I have been impersonated and SIM swapped, they hacked my emails, Twitter, Facebook, exchanges, literally everything including Binance, which they stole 2 BTC (daily limit) from today and will steal more if the account isn't frozen by tomorrow,” he said on Reddit.
His Google Authenticator was somehow disabled. He is also in touch with the Microsoft team to regain access to the email address associated with his Binance account. However, he will have to wait 3 days until the Microsoft team comes up with a solution.
“In 3 days the hackers will have already taken my entire balance so I really need the Binance account frozen now before they can steal more,” he said in his post.
Luckily, he successfully froze all the exchange accounts he had money in. Soon after he posted this on Reddit, a Binance support person responded and asked him to share the ticket details. The user's account was locked soon after the Binance support person saw the post.
One complication in all this is that the user's email was hacked too, so the hackers might use that email to regain access to the Binance account. The user therefore raised his support tickets from an alternate email address.
The problem was that Binance has no system or procedure to stop this. Binance is not at fault in this case. Even if the hackers' access to the email is revoked, they would still have the session cookie from the time they had access to the account.
“They have your 2FA session cookie if I'm understanding this correctly. Basically, whenever you hit enter after putting in your credentials your web browser created a cookie/address of that session. They copy that address into their browser. Since this is a cookie for that session it will always be active until that session is ended or the cookie deleted. Not sure how either of those things could be done if they have your phone and email accounts. If they have the cookie session of the email, that is unfortunate. Use alt emails to lock all accounts. Then work on getting your SIM card back,” a Binance support person commented on the post.
In this case, the browsers are the point of failure. Neither Binance nor the end user is entirely at fault.
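The support reply above says a copied session cookie stays valid until the session is ended. The sketch below is an added example, not code from this article or from Binance: a server-side session store in which freezing an account ends every session it has, so a copied cookie stops authenticating. The class, its method names and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # seconds; assumed session lifetime for this sketch


class SessionStore:
    """Server-side session table: the cookie is only a random lookup key."""

    def __init__(self):
        self._sessions = {}   # sha256(token) -> (user, expires_at)
        self._frozen = set()  # accounts locked by support or by the user

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked table does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, now=None):
        """Called after password and 2FA succeed; returns the cookie value."""
        if user in self._frozen:
            raise PermissionError("account is frozen")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (user, now + SESSION_TTL)
        return token

    def authenticate(self, token, now=None):
        """Return the user for a valid cookie, or None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        user, expires_at = entry
        if now >= expires_at or user in self._frozen:
            self._sessions.pop(self._key(token), None)
            return None
        return user

    def freeze(self, user):
        """Lock the account and end every session it has, on any device."""
        self._frozen.add(user)
        stale = [k for k, (u, _) in self._sessions.items() if u == user]
        for k in stale:
            del self._sessions[k]
        return len(stale)
```

Because validity is decided by the server's table and not by the cookie itself, the freeze takes effect on the next request from any browser that holds the cookie.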
On the user's side, make sure that you log in to the official website. What people often do is run a Google search and, for some reason, simply choose the very first result. Chances are that such a site is not official, or is a scam or phishing site.
When you log in on such a domain, your credentials are recorded and the hackers then use them on the original platform. Hence, it is recommended to bookmark the official website in your browser. This eliminates most of the chances of getting your account compromised. Here's a Chrome extension that would help you determine the legitimacy of a site.