Quote:
Originally Posted by eddymitchel
Phished with 2FA feels like a weird explanation, unless they can determine the seed of your authenticator from one connection.
Quote:
Originally Posted by bucktotal
I had 2-FA on the login so I don't buy that explanation at the moment.
It definitely could have turned out worse. And the hacker made the trade at the perfect time.
It looks like it works like this:
You enter email + pass on spoof site, scammers enter that on real Binance.
You enter 2FA code on spoof site, scammers enter that on real Binance.
Once they are in they set up an API that lets them make trades for you.
In the case of this screenshot it looks like the person got scammed by googling "binance" and getting tricked by one of the spoofed websites which can show up high on Google because of ad promoting done by the scammers. Avoidable by always navigating to exchanges from a bookmark. Unless a hacker changes your bookmarks or you have some sort of malware that redirects you... but that's significantly harder to do than tricking people to click a link.
It would be nice if these exchanges added some form of 3FA, maybe geolocation/email verification when you log in from a strange place.
Last edited by beansroast01; 03-08-2018 at 12:23 PM.
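Added example (not part of the posts above and not Binance's code): a TOTP code is computed from the shared seed and the current time only, so it never exposes the seed, yet a server accepts it from whichever client submits it within the time step; the second result shows the location/email step-up suggested in the post. `Account`, `login`, `relay_scenario` and the country labels are hypothetical, and the seed and timestamp are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(seed: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). Inputs are seed and time only, not the site."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:  # hypothetical server-side record
    def __init__(self, seed: bytes, known_countries):
        self.seed = seed
        self.known_countries = set(known_countries)
        self.used_steps = set()  # one login per time step blocks plain replay

def login(acct: Account, code: str, now: int, country: str, step_up: bool) -> str:
    """Return 'ok', 'denied' or 'email_confirmation_required'."""
    step = now // STEP
    valid = hmac.compare_digest(code, totp(acct.seed, now))
    if not valid or step in acct.used_steps:
        return "denied"
    acct.used_steps.add(step)
    # The code proves knowledge of the seed at this moment, nothing about
    # who typed it or where, so location is checked separately.
    if step_up and country not in acct.known_countries:
        return "email_confirmation_required"
    return "ok"

def relay_scenario():
    seed = b"12345678901234567890"  # constructed seed (RFC 6238 test value)
    t = 1_520_509_980               # constructed timestamp, start of a step
    code = totp(seed, t)            # what the owner's app shows and they type
    results = {}
    for name, step_up in (("totp_only", False), ("with_step_up", True)):
        acct = Account(seed, {"country-A"})  # constructed usual location
        # Same code arrives 10 s later from a location never seen before.
        results[name] = login(acct, code, t + 10, "country-B", step_up)
    return results

if __name__ == "__main__":
    print(relay_scenario())
```

With TOTP alone the login from the unseen location succeeds; with the step-up enabled the same valid code is held until the account owner confirms by email.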