Why I WIll No Longer Use CoinDirect - Hacked Account Update - 30 May 2018
It's been 2 days since my account on the cryptocurrency exchange CoinDirect was hacked. I've had back and forth emails with them trying to come to a resolution and today they've confirmed that my funds are now lost forever, yep all my money poof gone!
If you need a quick catch up on what happened you can read about the hack in my previous post - I've Been Hacked - lost $1321 in Cryptocurrency - 28 May 2018
I recently received the final mail and nail in the coffin with CoinDirect washing our hands of this problem
Extract from the email
I have now received feedback from our tech team.
They have amended the settings on your profile so you should now be able to setup your 2FA.
Please try to set it up and advise us if you still have any problems.
Regarding the 2 fraudulent withdrawals unfortunately we were not able to retrieve the funds, and there is nothing else we can do from our side.
All the best,
Compromised account
My account was compromised and a user was able to access it by getting my email and password somehow. Due to a technical glitch with their system my account could not get 2 Factor Authentication and the hacker had free reign over my account and not only converted some of my coins back to Bitcoin but had enough time to send it to his accounts before I was notified and could do anything.
It's unfortunate that I trusted an exchange with my money and now have to suffer for it.
Minimal Security Precautions
CoinDirect's site has very little security with only a login and 2FA (which like I said wasn't active on my account until today, they managed to fix it)
I've used other exchanges before who take security seriously and have security measures in place that could stop or slow down a hacker. Since Exchanges hold the money and don't provide users with a private key they need to supply additional security measures in order to secure accounts.
- 1 - No IP detection. I've used exchanges before and when I've used a different device I would receive an email indicating my account is being accessed by a foreign IP address
- 2 -No trade history notifications - Emails regarding activity such as converting my currency to another currency within the site would be helpful.
- 4 - Adding a new deposit address. Exchanges should allow users to add a new deposit address but first, confirm via your password and receive an email. Giving users enough time to react if new addresses are added
- 5 - Whitelisting deposit addresses. Other exchanges allow you to whitelist an address first and only allow those deposit addresses to be used without verification
- 6 - Contest transfer or lock account. Exchanges should allow users to contest a transfer and have it paused before enough confirmations can be done or lock out the account from verifying on the blockchain as many accounts handle transfers internally before pushing it to the blockchain.
- 7 - Insurance against fraudulent transactions. I would assume a company that is looking to get into the financial sector and handle other peoples money would have insurance that can cover users in case of a hack. A sort of chargeback insurance like we see with credit cards
Since The Hack
Since the hack happened I've tried to stay in constant contact with CoinDirect and even tried to track down the fraudulent transactions. Via the block explorer, I was able to find that my XRP was sent to Bittrex and i've contacted them to see if they can freeze the account attached to that specific wallet address and they're investigating the issue.
I tried to track the Bitcoin stolen from my exchange wallet on CoinDirect and via the transaction ID I found that itwas sent to a site in Ukraine called BTC trade.
I've tried messaging them via their Facebook page but i've had no response. Can't seem to find contact details on their site and I'm still waiting for a response but I won't hold my breath.
Moving forward
Needless to say, I won't be using CoinDirect's services any longer and I'll be more careful about where I purchase and especially where I store my funds. Cryptocurrency exchanges clearly have a use at your own risk policy that they hide behind and want to make money without assuming any risk at all.
If you're getting into the exchange business you should know that accounts will be compromised from time to time and there is a possibility of fraudulent use of your services and you should be prepared for it.
I've seen many stories where exchanges Like Binance, Bitfinex and even have helped recover the funds of clients who had their accounts hacked and i've also heard stories were exchanges like Poloniex just shrugged their shoulders and said sorry. This would be the later.
Here's a story from a fellow steemian @soldrakon on his hack with Poloniex
Make of it what you will but this is just me voicing my personal experience with CoinDirect. Don't use CoinDirect, Don't store your coins with CoinDirect that I leave up to you! But I'll be taking my business elsewhere and everyone I meet and know will soon follow.
Have your say?
Have you been hacked before? How much was stolen? Did the exchange offer you any sort of help? Do you keep any of your crypto on exchanges?
Connect with me
Hi, thank you for contributing to Steemit! I just followed you! Thanks for creating High Quality content! Follow back and we can help each other succeed :) Check out My Latest Post
Thanks man! I've given you a follow will check out your post shortly
Thanks a ton man!
Congratulations @chekohler! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your Board of Honor.
To support your work, I also upvoted your post!
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOPDo not miss the last announcement from @steemitboard!