Enable 2FA with an Authenticator App ASAP

If you are in crypto and you haven't enabled 2FA via an authenticator app, then sooner or later this is going to happen to you.

Sydney man’s plan to retire at 58 backfires after epic crypto hack

This is a cautionary tale and I thought I would remind everyone to enable 2FA via an authenticator app, SMS authentication is not secure anymore. The guy in the story had his email and phone compromised as part of a hack, so his details were included in a dump which hackers exploited. The guy got into his crypto exchange account (not named, but it's quite obvious which one via the screenshots provided in the story) and emptied his account out, transferring his crypto into Binance and then elsewhere. I reckon they chose Binance because it didn't require KYC at the time of the attack.

Although there are still ways to get around 2FA via an authenticator app, it reduces the risk significantly and prevents many attack vectors malicious actors can use against you.

This goes for even non-crypto sites as well. If it's available, then turn it on. For crypto exchanges which do not support 2FA via an authenticator app, do NOT use them. All of the major and reputable crypto exchanges support it, there is no excuse not to support it.

Comments

  • +1

    If you got a lot of crypto you need to watch out for this attack

    https://www.investing.com/news/cryptocurrency-news/5-wrench-…

    • +3

      That's an attack I'm very afraid of.

      Due to inflation, they need to update the price of the wrench haha. $5 can only get you a 100mm wrench at Bunnings, that ain't gonna threaten anyone, you need at least a 250mm wrench which is $7.95 lol. :D

      • +1

        Wrenchception

      • not in India you can get big wrench for less than $5 :-)

        • +2

          India is passing legislation to make Bitcoin legal.

          👍 on them for joining the future.

  • Binance / BTC market has had 2fa for as long as I can remember..

    • 2FA via authenticator app, or 2FA through SMS / email code?

  • not named

    it's named in the article, IR

    To make it worse, if the money had remained in the account, by now it would have grown to a whopping $150,000.

    wait till he works out what it was worth a month ago :)

    • I didn't want to name it. You can tell from the article.

    • Who cares what the price was a month ago. The user can't take out their pension until they're 65Y to 67Y.

      • The user can't take out their pension until they're 65Y to 67Y

        SMSF, if that's what it is, means they can re-allocate their investment choices/position at any time.

        • You're right, but they can't spend it to buy goods and services.

  • Sydney man’s plan to retire at 58 backfires after epic crypto hack
    A Sydney man’s plan to retire at 58 has backfired after he logged into his superannuation account one day to discover a devastating truth.

    Alex Turner-Cohen @AlexTurnerCohen 4 min read February 3, 2022 - 12:02PM

    Not your keys, not your Bitcoin

    • Very true, but you don't get yield from holding Bitcoin yourself unfortunately.

      • +1

        that can't be right rektrading said he can do all the wonderful stuff with coins
        like no regulations, no banks, anonymous, no government intervention

        but when they closed banks account I want someone to stop them, I want to complain
        I want to stake my coin but not my keys and not my coins

        and of course we all jealous watching on the side line as crypto is the only game in town, the world is revolving around it

    • +1

      except certain players like CDC are offering insurances up to a certain amount, essentially turning crypto into term deposits (eg use TAUD)

      • I'm all for earning yield, but I prefer and only use DeFi.

  • lol if you don't have 2fa or even 3fa don't even bother with high value crypto

    • +1

      Bitcoin doesn't require 2FA. The network is secure enough by itself.

      People that fail to understand that use a custodian and end up getting rekt.

  • +1

    2FA is very hackable too. need a cold wallet

    • Can you put ya coins in a cold wallet tho?? I thought it was for monkey NFTs mainly?

      • +3

        cold wallets were around long before NFTs were invented

  • +2

    Mr Kundra should have invested in Hostplus My Super (2018 = 12.34%, 2019 = 6.64%, 2020 = -2.01%, 2021 = 21.16%)
    His $45k investment would now be sitting at $63,945 and it would also be sitting in his superannuation account

    • +2

      If only he enabled 2FA, he would have $104k, outperforming Hostplus My Super easily.

      • -1

        $104k this week, $25k next…..

        • +1

          $250k the week after that…

          Your point is?

          Is it because it's volatile? Volatility is good, that's how Bitcoin and other cryptos have gained hundreds of thousands or even millions of percent. If you don't want volatility go get a term deposit or buy property and stay poor.

          I can retire after 8 years of investing in cryptocurrencies, which term deposit or property will enable me to do that?

          • +1

            @techlead: Apologies, but I mistakenly thought this thread was about the guy who was looking at investing to retire in 10 years, having invested $45k. Balanced Super would answer his prayers.
            Not interested in your risky set up

            • @cashless: ROFL, good one. LMAO

            • -1

              @cashless: When you do find this mythical balanced super account which can allow me to retire with a $45k investment in 10 years, let me know.

              I will deposit $450k from my SMSF into it immediately. hahahaha :D

        • Pensions are a time lock. Everyday price actions don't matter in 10Y, 20Y, 30Y or 40Y time.

          • +2

            @rektrading: Exactly, I don't care about my SMSF value day to day. I just DCA and hodl and I'm outperforming every single retail super fund.

  • +3

    It's sad to hear that things like this keep happening.

    People have to understand that owning digital assets is an opt-out of the legacy banking system.

    It gives people the freedom of sovereign ownership but at the same time carries a higher level of responsibility. It takes away the job from Joe Blow fresh from the meat factory (university) and stores it on a wallet no bigger than the middle finger and protected by 12 seed words.

    Always keep your assets on a cold wallet. Keep both the wallet, seed words secure and never never tell anyone where or how many #Bitcoin you have. Not even to family and friends.

    Not your keys, not your #Bitcoin

  • What does this sentence mean?

    "Not your keys, not your Bitcoin"

    Sorry I am really a newbie in Crypto and have been relying on Nicehash to be nice to me so not familiar with this sort of lingo.

    • +7

      It means if you don't hold the private keys, it's not your coins. Since most cryptos are built on blockchains which are permissionless, all that is required to move the coins, hence spend it is the private key.

      If you deposit your coins on a centralised exchange, like Binance, Kucoin, FTX etc, you are giving up actual ownership of your coins (private keys) and turning it into a contractual ownership. You have a contract with these exchanges where they hold your coins for you. Similar to when you deposit your fiat cash (AUD, USD etc) into the bank, you are giving up physical ownership of the fiat cash and turning it into a contractual ownership.

      The risk here is that, if the exchange is hacked, you may not be reimbursed. (Read up on the big hacks like Mt Gox and Cryptopia). Reputable exchanges will reimburse you, such as Binance, Kucoin etc, but there's a risk that if the hack is big enough, you wouldn't get reimbursed.

      You need to weigh up the risks of storing your own crypto with the rewards of storing it on an exchange, such as getting X% pa in interest for staking.

      There's still risks in holding your own coins, you still need to know what you are doing, eg, keeping your seed phrases safe, use a hardware wallet with Metamask, don't use Metamask naked, you are going to have a bad time, always use protection (hardware wallet).

      • Thank you for the explanations. Getting a good hardware wallet huh… is the gist?

        • That's right.

          My suggestion is to get a cheap one, the base model will do fine. You don't need the fancy touch screens and the Bluetooth connectivity. Don't get one with a battery, it's not going to last. All these fancy gimmicks just increase the attack vectors from which hackers can potentially compromise your wallet. Remember that nothing is foolproof, if there's a will there's a way.

          Check this video out, https://www.youtube.com/watch?v=dT9y-KQbqi4.

          The good thing is that all of the "hacks" for hardware wallets so far require physical possession of the wallet, so no remote hacks yet.

      • Good points. A small FYI for clarification, you can still use a hardware wallet and stake your crypto for crypto that allows staking and typically the crypto doesn't leave your address (you don't send it to another address).

        If you stake on an exchange, it is not in your wallet as others have mentioned and you're at higher risk.

        It's just a bit more difficult to stake when doing via your own hardware wallet because you have to figure out each crypto's staking techniques and website locations for doing so (some you can do via the hardware wallet software, but some take more work and you have to do via websites etc).

        For those with hardware wallets, best to use a proper seed storage than rely on your bits of paper with written seed. Be aware that many are rubbish:
        https://jlopp.github.io/metal-bitcoin-storage-reviews/

    • in cryptocurrencies, (mostly in general) you do not own the "coins", what you have is the right to modify the values of a certain wallet(address).
      so when you buy a coin, you can transfer to your own wallet.
      The exchange will initiate the write of value/transfer to your wallet/address. This is announced to the entire blockchain that the "value" is now moved to the new wallet/address.

      Now, only YOU have the ability to modify/announce to the world when you move this "value" to the different account (eg back to exchange to sell it or move to another account when you're buying stuff)

      This is where the "key" talk is coming from: in order to make a change to your wallet/address you need to make a new announcement to the world/network, but only the matching security key of the wallet can do that.

      Since you do not own the key when you have coins in the exchange, people tend to say, no key not your coin.
      Not all blockchains use the key to make changes, but the mechanism is very similar.

      • I've heard a lot of things about #Bitcoin but never heard someone describe it the way you just did.

        Did you come up with this yourself or is it from a published work?

        • Still enlightening tho…

    • Just a word of caution seeing as you're new. If you ever make your way to any of the coin's official crypto Discord / Telegram chats etc for whatever reason. Say you have a question or problem regarding a particular coin etc, you WILL get Direct Messages (DM's) by people wanting to help you. They WILL look or act just like an official support person or Mod and be friendly, they look very convincing and can have the same name, avatar as the official Mod or related person. Looks legit.

      Never interact with any direct messages, they are all scammers and should be ignored. If you chat to them long enough they will eventually ask you to send your seed phrase to them. Then it is no longer your crypto as they create another wallet with your seed phrase and then transfer your crypto out to other addresses.

  • +3

    just set it up, my $33 is safe!

    • Better than $0 :D

  • I think most of the exchanges require 2fa right? (kucoin, binance)

    • Correct, all reputable exchanges have it. If they don't, they are not reputable :D.

      The issue is, you need to turn it on, just because they support it, doesn't mean every client of theirs turns it on. That's the problem.
