Binance 2FA lost.
Can anyone point me in the right direction to gain access to my account after I formatted my phone? I have tried finding a link on Binance without any success.
Made an account on Binance 2 years ago and put a few hundred dollars worth of crypto in it. Tried logging in again but it won't let me log in without entering a verification it keeps sending to the email account I registered the account with.
Unfortunately, I've forgotten the email account's password, so I don't think I can access it anymore. Is there any way to access my Binance account?
In Binance I have lost Google authentication and still have my 16 character code. I set it up in Google Authenticator but I get an invalid response when I enter the 6 digits. I have tried to follow the Binance support article as I suspect the Google 2FA is not enabled. I cannot get to the ACCOUNT CENTER. Any help?
I got a new phone a little while back, so when I tried to log in to my Binance account, my Google Authenticator app doesn't have the key anymore, and I have no backup of it. I've tried emailing support, but the steps they require are just way too overboard, and some of the things that are being asked of me to provide, I have no access to due to deleted emails and such. Any help I can get would be appreciated!
Hello, I lost my 2FA and I tried mailing Binance for same, but they are replying with automated email replies. Anyone know what to do next? Please need little bit help.
My phone stopped working and I have been waiting over 10 days now. Yes- I’m an idiot I should have saved the secret key. But bear with me- I can’t verify via deposit address as I have the same issue with no access to all my exchanges except Coinbase. I submitted a ticket, submitted all the ID material, emailed them 4 times, contacted on Twitter, Telegram and a week later they just said they didn’t hear from me and closed the ticket. I opened a new ticket and submitted everything again and still haven’t heard anything. Do I need to start worrying I will never see my money again? How long has it taken for you guys?
Hi, I have recently changed phone and lost my 2FA, I have been in contact with Binance and have an open ticket (211737). I sent all the documents on twice which they asked, and provided them with the photos. But now they have gone dark and won't reply and it's been 10 days. Has anybody had a similar experience when trying to reset the 2FA? Is there an easier way to do this? Any advice would be welcomed. Thanks :)
I hope someone from Binance will read this. I changed my phone last May 2018 and I lost my 2FA Google Authenticator as a consequence. I followed Binance's requirement in resetting the 2FA authenticator but for the nth time I was told to re-submit and the issue is my photo. Please help because all my money is in my Binance account. Thanks in advance! :)
Hi, I'm such a noob and didn't write it down. Could anyone help me recover it please?
A few weeks ago, I noticed something odd about my Binance account. 10 BNB appeared. I thought nothing of it, I recently did purchase BNB and thought perhaps I bought 10 by mistake.
Then a few days later I was doing some late night trading. There were a couple of movements I was watching out for which had begun. As I was setting a stop loss and calling it a night, I took another peek at my balance. I noticed that I had bought quite a lot of ONE, as well as some stablecoins such as USDT and TUSD. I never, ever trade in stablecoins. I think in terms of BTC and any change in the value of that is just a short-term movement in my world. I first thought this was some kind of bug. Then I discovered that my stop-loss had been cancelled and my original position was sold up, all for more ONE and stablecoins. My account seemed to have a mind of its own. But what was worse is that the BTC value of my account was falling away in front of my eyes.
This was pretty late in the evening, but fortunately I didn't have a lot of beer in me that night. I immediately changed my 2FA, and then, thinking quickly, cancelled all of my APIs. I had just remembered that I recently started experimenting with a couple of third-party apps. I didn't spend a great deal of time on them, so they slipped my mind a little. That seemed to have put a brake on everything.
I then notified Binance what happened, and they put a temporary lock onto my account. After submitting some ID and stuff, things were back to normal.
In all, I lost about a third of my account's BTC value. This was about two months of hard work, gone. I had some time away from work over the summer, and set about doing some decent trading. Wiped out by some bastard on the Internet somewhere.
The API I used was restricted to trading only. As far as I'm aware, there are two ways this can be used maliciously. The first is using your account to pump up a coin. The second method is placing trades that give the hacker good returns at your expense by crossing the spread. Crappy trades, in other words. I believe I was a victim of the second method the way my account was draining so quickly. The initial BNB purchase served as a test to see if I was paying attention, and also to save themselves some fees on my behalf (thanks!) so they could eventually drain more.
Just a reminder to everyone. When creating an API, make absolutely sure that you check the option "Restrict Access to Trusted IPs Only". This was a major dumb move on my part. I'm just happy I noticed my account was behaving strangely when I did, otherwise I could have lost everything.
Be safe everyone!
I’m a USA based investotrader who made an account and was using Binance to trade alts back when it was ~legal~ for USA based traders. I still don’t understand how/why my government can/would control where I’m allowed to trade crypto but that’s another conversation. I very much like Binance, its UI and what not...but I need to withdraw my bitcoin now. My account is unverified as I can’t as a USA based customer I think? Here’s the issue: I lost my 2fa ability due to a broken phone (I know I’m an idiot but I can’t reset it) ...so when I go to withdraw I can do the phone number and email codes but no 2fa. I need to disable the 2fa to withdraw and to do that...have to verify
Am I able to verify as a USA citizen on Binance without having my account immediately taken/liquidated? Does verifying as a USA resident just restrict me from trading? I have no active trades up and will withdraw immediately if I’m allowed...does anyone have experience with any of this? Thank you 🙏🏼
I'm looking for an API-based service that allows for advanced trading setups ("smart trading"). So far I've been using 3commas and I was really satisfied with their service, UI and the app, until my exchange API keys were hacked and someone performed a series of wash trades on which I've lost a significant amount of BTC (not the fault of 3commas, but rather the exchange).
Therefore I'm looking for a service very similar to 3commas, but with the mandatory requirement of small amount of IP addresses they use, so I can whitelist them on the major exchanges trading alts.
3commas is using 160 different IP addresses to provide their service and it is impossible to whitelist them all on any exchange I've tried (Binance accepts only ~60, Bittrex, KuCoin even less).
In short, the service I'm looking for should meet the following requirements:
- ability to whitelist the IPs on the major alts exchanges (has to use less than 60 IPs)
- 2FA (ideally U2F) for almost every action performed on the account
- email/push notifications for almost every action performed on the account
- the rest is optional (e.g. well designed UI, android app, trailing take profits)
Posted this on Coinbase and someone recommended it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority of this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA, (2) changing the email password, and (3) forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove
with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
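An added example, not part of the original post: one way to run defense tips (4) and (5) above, assuming the mailbox is Gmail and its filters have been exported from the settings page as XML. The sample export, every address in it, the trusted-address list and the watch words are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}

# Assumptions for this example: forwarding targets the owner set up, and
# keywords for the kinds of accounts the post says were targeted.
TRUSTED_FORWARD_TARGETS = {"me.backup@example.com"}
WATCH_WORDS = ("coinbase", "gemini", "binance", "dropbox", "password")
CRITERIA = ("from", "to", "subject", "hasTheWord")
HIDING_ACTIONS = ("shouldArchive", "shouldTrash", "shouldMarkAsRead")

# Constructed sample of a Gmail filter export.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry><category term='filter'></category>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='News'/>
  </entry>
  <entry><category term='filter'></category>
    <apps:property name='hasTheWord' value='coinbase'/>
    <apps:property name='label' value='Misc'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
  <entry><category term='filter'></category>
    <apps:property name='subject' value='password reset'/>
    <apps:property name='forwardTo' value='burner@mail.example'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry><category term='filter'></category>
    <apps:property name='from' value='statements@example.org'/>
    <apps:property name='forwardTo' value='me.backup@example.com'/>
  </entry>
</feed>"""


def audit_filters(xml_text):
    """Return (filter_number, reason) for each filter that forwards mail to an
    unrecognised address or hides mail about a watched account."""
    findings = []
    root = ET.fromstring(xml_text)
    for number, entry in enumerate(root.findall("atom:entry", NS), start=1):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        target = props.get("forwardTo", "").strip().lower()
        if target and target not in TRUSTED_FORWARD_TARGETS:
            findings.append((number, "forwards to unrecognised address " + target))
        criteria = " ".join(props.get(k, "") for k in CRITERIA).lower()
        hits = [w for w in WATCH_WORDS if w in criteria]
        hidden = [a for a in HIDING_ACTIONS if props.get(a) == "true"]
        if hits and hidden:
            findings.append((number, "hides mail matching %s via %s"
                             % (", ".join(hits), ", ".join(hidden))))
    return findings


if __name__ == "__main__":
    for number, reason in audit_filters(SAMPLE_EXPORT):
        print("filter %d: %s" % (number, reason))
```

Account-wide auto-forwarding is a separate mailbox setting and does not appear in a filter export, so it still has to be checked by hand.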
Binance Lost 2FA. When you are running the trade on the binance there is a need for you to keep the Binance 2FA key secure. But there are some instances when you have no control over them. Those can make you lose the 2FA, so what can be done during those instances. You can do the following things: Disable 2FA
I lost my 2FA device. How do I get back into my wallet? August 12, 2020 15:38. There are a few reasons why you might want to reset, or disable, two-factor authentication (2FA), such as losing a device or losing access to your verified email address. The following steps outline our 2FA reset procedure.
If your device with 2FA (two factor authentication) is lost broken or stolen, you should and most likely have to change your passwords, set up 2FA again, and get new verification codes. In other words, you should and most likely have to start from scratch again due to the way 2FA works (although you can use the same email).
Binance, one of the world’s largest cryptocurrency exchanges, said hackers withdrew 7,000 Bitcoins worth about $40 million via a single transaction in a “large scale security breach,” the ...
🔶 Binance is the world’s leading blockchain and cryptocurrency infrastructure provider with a financial product suite that includes the largest digital asset exchange by volume. 🔶 Trusted by millions worldwide, the Binance platform is dedicated to increasing the freedom of money for users, and features an unmatched portfolio of crypto ...