Priyeshu Garg · 8 hours ago · 4 min read
A crypto investor lost $50,000 on Binance, the world’s largest cryptocurrency exchange. Unfortunately, the user will never be able to get the funds back.
Hacked Email, No Support
In early June 2018, on the cryptocurrency subreddit (/r/cryptocurrency), one user detailed how an account holding over $50,000 worth of cryptocurrency became inaccessible.
The investor, who goes by the online alias ‘BeanThe5th’, claimed the account was initially hacked after an unauthorized individual gained access to the SIM card or mobile network through impersonation and by directly phishing the customer support of the mobile service provider.
Eventually, the hackers penetrated virtually every account on every platform linked to the mobile number, including email, Twitter, Facebook, and most importantly, cryptocurrency exchanges. By hacking into the Hotmail and Binance accounts, the hackers were able to withdraw two Bitcoins before the investor posted a public statement on the cryptocurrency subreddit, requesting that Binance Support lock the account to prevent the loss of more funds.
At the time, Binance Support said:
“Hi, account has been locked. Please contact us via the ticket system to initiate the unlocking once you are ready and feel your accounts are secure.”
However, BeanThe5th responded to Binance with a major concern: because the hackers had access to the email linked to the investor’s account, they could submit a support ticket to initiate the process of recovering funds, which could lead to the loss of additional funds held in various digital assets. The investor said:
“Alright thanks, but what if the hacker creates a ticket as he still has access to the email used on the binance account. I sent the support ticket through an alternate email which you probably saw when checking the ticket, can you please not accept any support tickets made by the email listed on my binance account because he will just continue to steal if he is able to unlock the account.”
A month has passed since the investor filed a request with Binance to lock the account and streamline the process of recovering the funds stored within it. Still, since Binance Support has been reluctant to process any support request that is not sent from the email linked to the Binance account, the investor has not been able to access the locked account.
Microsoft refused to recover the investor’s Hotmail account even after verifying ownership of it, and as of now, the accounts on both Binance and Hotmail are essentially locked permanently, with no way to recover them without direct assistance from Binance. The investor added:
“But sticking to the topic of Binance they will not allow me to regain access unless I send the support ticket through the email associated with the account which is literally impossible as it has been suspended forever and no one can access it.”
No Solution, Takeaway
The situation cannot be solved unless Binance gets directly involved in the process of account and fund recovery, which is possible but highly unlikely.
One takeaway from the recent Binance account compromise is that it is not always secure to use a mobile number as the main two-factor authentication (2FA) method, because fraudsters can easily impersonate the owner of the mobile number to gain access to it via direct customer support.