Kucoin has been publicly shady for many years now, including arbitrary listings/delistings of coins and price manipulation.
As the great Burkett (at least) once said: Fuck Kucoin.
Kucoin has been publicly shady for many years now, including arbitrary listings/delistings of coins and price manipulation.
As the great Burkett (at least) once said: Fuck Kucoin.
GRIN/ETH has the lowest trading volume out of all the GRIN pairs on Kucoin, which is ideal for that type of wash trading. However, if 20,000 grin was traded back and forth it should be visible on the chart, but Iām not sure Iām seeing any signs of that. Furthermore, this should be all in your Kucoin trading history. What does your trading history say? Thatās quite an important detail.
My trading history shows hundreds of small trades for ETH.
Do you have the exact time and date? It would be interesting to find them on the chart.
Thereās pages and pages of transactions that are tiny that look like this. Looks like 16:17 local time.
Kucoin just replied, https://www.reddit.com/r/kucoin/comments/ih5res/kucoin_account_hacked/g37z9j5/?utm_source=reddit&utm_medium=web2x&context=3
āMy trading history shows hundreds of small trades for ETH.ā
So Kucoin can see if the trades were made against a single trader or the whole orderbook.
Yeah Kucoin replied.
This is truest devastating. They wonāt help at all.
The hacker was able to unbind my google Authentication Code. But how?
Edit: they supposedly just sent an email to Kucoin but Kucoin is supposed to lock the account for 2-5 dayās after that?
Ask kucoin if they received a message via āhelpā near the days of the hack either from your email or from someone claiming to be you. I also wonder how the hacker knew with such certainty that there is a large amount in your account. The odds are 2. Either you have spoken openly to someone about the amount in your account or kucoin knows which members have large amounts and from time to time targets them. You have to take things from the beginning dude to come up with some certainty. So begin from early days of August to search and check your email activity.
Iāll ask them. It looks like they arenāt willing to help or provide any additional details until I contact law enforcement.
Whatās the purpose of a highly secure 2FA (TOTP aka āGoogle Authā) if itās able to be cancelled with an unsecure 2FA (e-mail)? Not sure if this is common practice, but it seems like a security flaw to me.
Check this out. Updated 20 hours ago. At least ridiculous. The problem is not in not using 2fa but that with its use a person was hacked.
I repeat that I am very curious that we are not talking about a massive hacking (something like this would have been published but that an account with a lot of grins was hacked.
Did you ever share your mobile phone or personal infos in social media?
The sim swap method allows someone to have full control of your mobile or you or access Kucoin from a malware infected link or device and got keylogged.
I donāt share my information anywhere. I donāt even have social media outside of twitter and reddit.
I definitely wasnāt sim swapped as my phone still works and I work for the phone company so I definitely donāt use SMS 2FA - only google authentication.
According to what you say, the case of a security gap has been ruled out either on your mobile phone or in your email. Do you conclude that this is an inside job? If so, take legal action immediately and do not cut off communication with kucoin. Be careful not to block your account. Take a screenshot of all the communication you had with them and transfer it to a usb. Make sure dates, hours are displayed. Screenshot of exchanges etc.
An inside job is the only thing I can think.
How do you get past google 2FA (on an iPhone I know thereās an exploit for android)
How do you get past email verification and trading passcode?
The trading passcode is a PIN number Iāve never used anywhere else. Not even a version of it.
How do I take legal action against a company based in China as a US citizen?
Can Kucoin confirm that a picture was submitted in support of the 2FA disable request? Did you ask them for the picture?
Kucoin is saying that you can unbind your 2FA directly from the app by yourself, but IF you want us to help you can reach out by email and then you will have to send a picture etc
check this link. itās easy for them to say that captain crypto was hacked/compromised and relieve themselves of responsibility.
They wonāt give me the picture. They say itās sensitive information. I have no records of an email coming from my address with my picture. This feels like an inside job. I feel like Iām going crazy at this point.
Hereās their final response to me.
Iām not sure that this representative knows what sheās talking about.
I donāt think there was a picture Id verification for disabling the 2FA, but it was disabled using the existing 2FA key (or an inside job of course).
But, if there was a picture ID with a date, it would be easy to compare it with your existing KYC IDs you provided when opening an account (did you?), or make a video call where they can verify and perhaps show you the picture was used while you show them yourself and your ID.
I didnt even think about this. I have a non KYC account - so they donāt even have my photo. So now Iām REALLY curious what photo was supposedly sent to verify my identity or how they got access the account.
Things Just donāt add up. Whoever got access to my account either worked for Kucoin or had direct access to my phone (didnāt happen)
As far as keylogger, I believe you need root access for that and my iPhone isnāt jail broken so I donāt have root access to my phone.
This is so frustrating.