Binance stopped all of their operation for few hours 2 days ago and requested everyone to reset their API key after they found out ongoing unusual SYS trading and massive withdrawals from several account which they approved and processed. Many accounts were suspected to be hacked through API key during this but they haven’t still posted any accurate numbers till now while some suspect its over 7000 BTC in total.
According to a reddit user who goes by name rbllkc recently posted how his 2FA secured binance account got hacked and hacker withdraws all his tokens after exchanging them. He was first concerned about binance security because he have never created any API keys according to him and he also have 2FA activated in his account. But after contacting with binance support he figure out that actually his email account was hacked which was attached to his binance account and the hacker got 2FA backup code which was saved in dropbox when user first activated 2FA in his account. Below is part of his post from reddit ;
Ok, they just response, they ask some information and I sent. After some messages we find out. We think they hacked my pc and my email password. My 2fa credentials are on dropbox. I think they find my dropbox password from google and find 2fa credentials. After that they find binance password, thanks to google. Then boom. They f.cked up my life. Binance can’t do anything because transaction were successfull. But the countries are different, ip addresses are different, trying to sell all token and withdraw all my money. At least they should wait one or two hours. Yes they have 2fa but I don’t know. I am so unhappy now. I have no solution now. Anyway, thank you all for best wishes and help. Please be careful. Thieves are everywhere. I lost one password an all my money are gone.
He concerned about Binance security because all of the withdrawals were made from IP of different country however binance processed all of those withdrawals instantly without making any manual verfication which is quite logical but binance replied that as all withdrawals were already processed so they can’t do anything.