News of fraud is common, and the crypto market is no exception. This is not only because the cryptocurrency market still has a certain technical threshold, but also because its "invisible and untouchable" nature makes it difficult to trust (of course, this refers to blockchain, not paranormal events). As a result, some people are wary of cryptocurrencies, while others pile on layer upon layer of protection: setting passwords, SMS verification, Face ID, two-factor authentication, fingerprint unlocking, and even preparing private keys, thinking that this way they can be completely safe... but is it really so?
Hacked even with Google 2FA enabled
On the social media platform Threads, a user named jimmie394313 shared that his Google email account was hacked, and as a result, his assets on the BingX exchange were stolen in less than five minutes! What's even more shocking is that he had already enabled two-factor authentication (2FA), so how did this happen?
At the time, he didn't know why he was hacked, and said he had set up Google's two-factor authentication. The news sparked discussion among netizens, who wanted to find out why the security mechanism was breached despite so many protections. Little did they know, the problem might lie in the settings of Google Authenticator.
How did the hackers steal the account?
However, it should be noted that there are many ways for hackers to steal a Gmail account, including phishing websites, malware, and even social engineering attacks. For example, hackers may impersonate exchange customer service and ask users to provide verification codes, or use a fake Google login page so that the victim unknowingly enters their account and password. Once the hackers have obtained the Gmail login information, and if the cloud sync function is enabled, they can easily obtain the 2FA verification codes, rendering the victim's protection useless.
The Google Authenticator setting hides risks
Another active influencer on Threads, Ziiv, said the problem might lie in the "cloud sync" function of Google Authenticator.
After the hackers have stolen the Gmail login information, if the victim's cloud sync function is enabled, the hackers can simply log in to Gmail on another device and the victim's 2FA verification codes are synced to it automatically. This is like the victim leaving the door open, allowing the hackers to easily steal all their data and virtual assets.
*What is 2FA: Two-factor authentication (2FA) is an identity verification and access management method that requires you to provide two forms of identification to access resources and data. Enterprises can use 2FA to monitor and help protect their most vulnerable information and networks.
Ziiv believes that turning off cloud sync is important: even if hackers manage to infiltrate your Gmail through various means, they won't be able to obtain the 2FA verification codes, and the protection mechanism will truly be effective! So don't take it lightly. In addition to setting up two-factor authentication for your Google account, "protecting the way to obtain 2FA" is also very important.
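Why a synced secret undoes the second factor, as an added example that is not part of the original article: a TOTP code (RFC 6238) is computed from nothing but a shared secret and the clock, so any device that restores the secret shows the same code as the phone. The Authenticator class and the restorable_secret and code_on_second_device helpers are a hypothetical, simplified model and do not describe Google's actual sync implementation; the secret is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on secret and clock."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // step)        # 30-second time window
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Authenticator:
    """Hypothetical model of an authenticator app holding one TOTP secret."""

    def __init__(self, secret_b32, cloud_sync):
        self.secret_b32 = secret_b32
        self.cloud_sync = cloud_sync


def restorable_secret(app):
    """Assumption: with sync on, signing in to the linked account restores the secret."""
    return app.secret_b32 if app.cloud_sync else None


def code_on_second_device(app, unix_time):
    """Code a newly signed-in device can produce, or None if nothing was synced."""
    secret = restorable_secret(app)
    return totp(secret, unix_time) if secret is not None else None


# Constructed sample secret (the RFC 6238 test key), not a real account's secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()
NOW = 59  # constructed timestamp taken from the RFC 6238 test vectors

if __name__ == "__main__":
    synced = Authenticator(SAMPLE_SECRET, cloud_sync=True)
    local_only = Authenticator(SAMPLE_SECRET, cloud_sync=False)
    print("phone:", totp(SAMPLE_SECRET, NOW))
    print("second device, sync on:", code_on_second_device(synced, NOW))
    print("second device, sync off:", code_on_second_device(local_only, NOW))
```

With sync on, the second device's code matches the phone's; with sync off there is no secret to restore, which is also why a lost phone means lost codes.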
How to turn off cloud sync?
1. Open the Google Authenticator app on your phone
2. Tap on the personal profile picture in the top right
3. Select "Use Authenticator without signing in to an account"
Then click confirm, and the cloud sync will be turned off.
Of course, after turning off cloud sync, if your phone is lost or damaged, those 2FA verification codes will be gone forever (it sounds like you have to use your life to verify the security and convenience of your assets). As for me, I figured I don't have many virtual assets, and the probability of losing my phone is quite high... so I still choose to keep the sync function on. (Laughs)
But if your assets are more valuable than your phone, don't hesitate anymore, go and turn off the cloud sync to protect your account!
Protect your own account security
Although two-factor authentication can improve security, if 2FA becomes a "buffet" for hackers, that would be disastrous. So, should you turn cloud sync on or off? There is no standard answer, but the only standard is this: never let hackers know your security settings better than you do. After all, assets can be earned back, but a broken mentality is hard to fix!
〈Even with Google 2FA, hackers still stole crypto in 5 minutes? The Authenticator setting hides risks!〉 This article was first published on《NONE LAND》.