
How did thieves break into my Binance app… and why isn’t it returning £11k of stolen crypto to me? CRANE IN THE CASE

Snatched: Our reader had his phone stolen while waiting for a taxi in London

In July, my phone was snatched while waiting for a taxi in central London at around 1am. A man on foot grabbed it and ran.

The phone was unlocked when he picked it up because I was tracking the taxi. Once I got home, I was able to lock the phone remotely at 2:17am using the “find my iPhone” app on my wife’s phone.

When I logged into my emails on my iPad, I saw that the thief had accessed my Binance cryptocurrency account and transferred 5.16 Ethereum at 1:43am. This was worth approximately $15,000 or £11,300.


I don’t understand how anyone could get into this. My phone and the Binance app were protected by a password and Face ID, and the Binance account required me to use Google Authenticator for verification, as well as enter a passcode that I set up to transfer anything outside of the app.

I complained to Binance but they say they can’t get my money back and therefore won’t refund me. North Carolina, London

Helen Crane from This is Money responds: The phone thieves terrorizing the streets show no signs of giving up and I’m sorry to hear that you have been a victim.

Binance is a cryptocurrency trading platform, where investors can buy and sell coins or tokens and track the value of their holdings.

The Ethereum coins that were stolen from you were transferred from your Binance ‘wallet’ to an account maintained by the thief on a different trading platform.

The thieves also stole £13,000 from your Revolut bank account. However, that money was returned to you.

It has left you wondering why one financial institution would agree to reimburse you and another would not.

You are also concerned about how the thieves got into your Binance account, which you thought was a digital Fort Knox.

CRANE IN THE CASE

In our weekly column, This is Money consumer expert Helen Crane addresses readers’ issues and shines a light on companies doing both good and evil.

Do you want her to investigate a problem or do you want to praise a company for going the extra mile? Get in touch:

helen.crane@thisismoney.co.uk

When you first contacted Binance, you were told there was nothing it could do because, although you had reported the theft to the police, no designated officer had been assigned to the case.

However, it was later assigned to a City of London Police officer and still Binance did nothing.

In the end it told you that once cryptocurrencies leave the Binance platform, there is nothing Binance can do to get them back.

That’s true, but in many cases where victims of scams or theft get their money back from a bank (or another financial service like Binance), the cash itself is never recovered.

Banks usually decide to return the money to the victim anyway, unless they were negligent in revealing, for example, their PIN number.

And other cryptocurrency platforms also have avenues for refunds, including Coinbase’s account guarantee pilot which I covered in a previous column and which provides one-off protection of up to £150,000 for its customers.

The problem with all this is that none of it is enshrined in law. If your money is stolen, it is ultimately up to the bank or platform to decide whether you will get it back.

Big changes are coming next week, but only for banks and only for certain types of theft.

The Payment Systems Regulator has new rules forcing banks to refund customers up to £85,000 if they fall for an Authorized Push Payment (APP) scam, which is where they are tricked into transferring money to a criminal.

To ether: The cryptocurrency, valued at more than £11,000, was transferred from North Carolina's Binance 'wallet' to an account held by the thief on a different trading platform.


Since your money was kept in an investment account and this was not an APP scam, the new rules do not apply.

However, I contacted Binance to ask if they would reconsider.

Unfortunately it decided to stand its ground. It told me that it will only refund customers in cases where Binance is at fault for the loss.

A spokesperson said: “If Binance is notified of a stolen device, we take immediate action to secure the associated account and restrict further activity until it is secure.”

“Unfortunately, it appears that the attacker acted quickly on this occasion and before our user could contact us.”

The best news is that it told me that it had collected information about the transaction that could help identify the person who took your phone and that it is willing to share it with the police.

Binance also addressed your question about how the thief had managed to access your account, even though you had Face ID and two-factor authentication enabled, and had set up a passcode for Binance.

It confirmed that the thief entered your passcode when the Ethereum was transferred.

The spokesperson said: “The attacker could have gotten past security if he had obtained the passcode, been able to guess the passcode on the device or observed the victim entering the passcode before stealing the phone.”

You admitted that your phone’s passcode was the same as your Binance one, but you think it’s unlikely that the thief saw you enter it when the phone was stolen, since it all happened so quickly.

Another possibility is that the thief saw the access code that same night.

I’ve heard reports of thieves hanging around bars and waiting until they see someone unlock their phone, for example to buy a drink, and then noting down the passcode and targeting them for their phone later.

Rejection: The crypto platform said it will only refund fraud victims in cases where Binance is found responsible for the loss.


It’s something This is Money columnist Dave Fishwick observed when he spent time with the City of London police chasing criminals who stole mobile phones.

It’s a good idea not to have the same password for your phone and your money apps, as this leaves you exposed.

As for Face ID, Apple allows users to use the phone’s passcode as a fallback option when the face is not recognized, in most circumstances.

Users can prevent this from happening by opting for a new feature called stolen device protection, which Apple introduced in March.

I would really recommend that all iPhone users turn this on; it can be found in ‘Settings’ and then ‘Face ID & Passcode’.

This means that when the phone is in an unknown location (not at the owner’s home or work), their credit cards can only be accessed using Face ID or Touch ID, and the user will not be able to enter a passcode as an alternative option.

Certain actions, such as changing the phone’s passcode, are also delayed by an hour to give the owner time to report it as stolen.

Binance said: “As this is a device security flaw, which is not Binance’s fault, we are unfortunately unable to offer a refund.”

It also recommended that users enable a feature called “IP and wallet address whitelist.”

This allows them to establish a list of accounts that their crypto can be sent to, and if they try to send it somewhere else, it won’t work.

I think it’s a little disappointing to be penalized for Apple’s security shortcomings.

While Binance has the right to set its own rules on refunds, it has been less generous than most banks, and even some other crypto platforms, would be under the same circumstances.

You told me you continue to work with the police to find the culprit, which is admirable.

Catching those responsible is the best way to reduce the number of stolen phones.

But there are also things we can do to protect ourselves and I hope others can learn from your experience.

If you haven’t yet beefed up the security of your bank accounts and crypto wallets, this is your sign to do so.
