I got hacked and lost $125K in hours with 2FA on

pensativo86

I was the target of a cybercrime on 10/17 around 3am CT. A hacker obtained access to API credentials on my Binance.US account and executed multiple trades on highly illiquid alt coins to profit on the other side. My account was drained of $125,000 this way in a matter of hours. I had Google 2FA, IP address whitelisting, and a unique password; I never click on email links and only go directly to Binance.US when logging in.

I created a read-only API on Binance in February 2022 for Zen Ledger for tax reporting reasons. One possibility is that I unintentionally created the API key with trade access AND someone hacked Binance or Zen Ledger to get the API public and secret key. The secret key is not visible on the Binance portal even if someone had my credentials. It was never shared since then and I didn’t save it on any devices. In either case, even if I did create the API with trade credentials, Binance documentation states that trade permissions should automatically be disabled after 30 days: https://www.binance.com/en/support/announcement/updates-to-api-key-permission-rules-2021-07-08-cda0a4b53da04396b5d27881e93abf78

If the hacker had my credentials and was able to bypass 2FA through cookie hijacking, it is only possible to create a new API with 2FA, which I have enabled on my account. 2FA is required upon creating a new API key.

Another possibility is that someone hacked the Binance API bridge directly. The worst case is that this was an inside job. I don’t want to think that it is, but I want to list all options I can think of for transparency.

Binance suspended my account while they investigated. Their only conclusion is that the hack occurred through an API. They refuse to provide other details and are denying responsibility. They said they would cooperate with the authorities and told me to refer to their terms of service regarding my responsibility for security of my account. I had all security measures enabled.

I have reached out to legal counsel and was advised that I reach out to the Secret Service Cybercrimes division, Attorney General and file a local police and IC3 report. I have done this and am currently waiting for responses. I will post updates to this thread as I go.