A friend called me last night extremely pissed off about his funds being stolen. Trembling in anger he told me that his Binance wallet had been hacked and all of his funds had been stolen. In shock, as I asked how, while trying to calm him down. He kept repeating "He made a stupid, stupid mistake. Just one moment of stupidity caused me thousands of dollars." His wife had to tell me the story.
Earlier that day
He and his wife went to best buy to purchase a brand new laptop. When he got home, he took his time in setting up his new Windows 10 machine and applications. He messed with it for a little bit and then decided to check on his cryptos. He added the bookmarks to bittrex, poloniex, and hitbtc fine, but when he googled binance, he accidentally added ibinance.com without realizing it.
According to him, the website looked perfect and exact. It asked for his password, and even the google authentication code. When he hit enter, it redirected him to a page that said "ibinance.com has been reported as a deceptive site. You can report a detection problem or ignore the risk and go to this unsafe site".
Confused at first, he turned on his old desktop, logged in, and found that his funds were transferred out in minutes. His heart sank, and anger consumed him. He told his wife what happened and they both wept for a while. Luckily, he will bounce back from this and although this did not give them financial hardship, it definitely put a damper on their spirits this Christmas Season. He wanted me to share what happened to him so that we could avoid the mistake he made.
How very unfortunate this happened, but we must learn from our mistakes or the mistakes that others make. Knowledge is power, the key to victory and that is why I want to share with you this valuable lesson learned through this incident.
Defend your crypto, be responsible for your financial management.
- Always check the links, even thought it maybe bookmarked, you never know if your computer is compromised.
- Use Google Authenticator, or Authy.
- Use Email Confirmation
- Use IP Verification
- Change your password regularly. (Come Up with a password system. The longer the better)
- Store your crypto in a Ledger or Trezor
- Keep your crypto off the exchanges.
- Use different wallets to store your crypto. (if one wallet is hacked, your other funds are safe)
- Save your private keys in a removable thumb drive of password protected file.
- Keep your computer patched and up to date with antivirus and anti-malware.
If you have anymore tips or advice to add, please post below so we can all learn together.
Best Endeavors!
Photo Sources
http://wearechristchurch.org/anger-diagnostic-tool-soul/
http://picturesofmoney.org/locked-up-money/
http://www.belloflostsouls.net/2017/10/dd-oath-of-conquest-paladins-are-the-dark-knights-we-deserve.html
Hi, sorry to hear about your friends situation. I believe the domain is with an
l
instead of ani
(at least the one I found that is up is with anl
). I'm writing an article about it, but it's very similar to a HitBTC phishkit I've dissected (https://medium.com/mycrypto/dissecting-a-hitbtc-phishing-site-8e631a6c29a3) - are you able to get your friend to to email me the audit log including suspicious IPs - harry[@]mycrypto[doot]com. I cannot help with any recovery, but it will help with building a case with LE.