On 5th March and 6th March there were 2 articles in coincrunch.in around a user getting scammed. This is an official response post so that there is no inappropriate information that gets spread. You may read the 2 articles on coincrunch to get more context.
The world is increasingly moving towards a security model which goes both ways - a shared security model. Where the platform is built resilient and secure and the users also are vigilant. We would be educating the users on what are the most common traps so that users can remain aware and protect their account.
What has bitbns done as immediate steps
2FA has already been mandatory starting today for all crypto or INR withdrawals.
We would be adding an additional layer of email confirmation soon over this to improve the process even further.
We would alert user in case our automated risk detection algorithms and associated teams detect any abnormal activity to the user
We also have an initiative which we are planning where all such folks list (Alleged scammers) would be put on blockchain. So any new exchange or financial entity or anybody for that matter can plug into it and ensure that the users whom they are onboarding do not have a previous record of any misdoing. Had discussed this with a few exchanges. We would update on this when things take concrete shape.
What's the conclusion for the user:
The user Ashish mentioned in the coincrunch article was scammed by an ex community moderator for our Telegram community of Bitbns. We would be helping the said user recover all his losses in this case.
What's the conclusion on the scammer side:
Arijit Dey (Real name), @dcryptoMania is his telegram handle, his Facebook handle, his Linkedin, his Twitter, is the alleged scammer in this case. And we would be filing a police complaint on the same. You may stay away from the person mentioned. He is no longer associated with Bitbns.
What does it mean for other users of Bitbns and crypto community in general:
Nobody else's funds have any issues. It is a case where a user was tricked into revealing details and scammed. But this thing is not exchange specific. This has happened with Binance and also other exchanges in India.
Here's what users should be doing:
Have a more secure password which you do not use on any other account for Bitbns.
Do not share OTP, password, 2FA code or any sensitive information or do not store them at a place where someone can access them.
Do not access your Bitbns account from a device used by multiple people or a public device.
No one from Bitbns would ever ask you for any sensitive information by mailing, calling or chatting. Do not reveal any such information.
Do not click on any link sent by anyone from the logged in browser, double verify that the website you are opening is the intended website and not a spoof by checking and bookmarking the right one
Next we would be pointing a couple of cases on how accounts can get compromised:
You have stored your 2FA key in your notes section on mobile or laptop and someone gets an access to your laptop or mobile for a few mins and can use it.
Find the image below. This is an image which looks like the login of Binance one of the top exchanges globally. But interestingly it is not. If you can observe there are 2 dots below the letter 'n'. This is a different domain. Do not login to domains which are look alike with a slight change in any character or click on a link that comes to your mail from a domain which does not belong to the registered website.
In spite of all this in case your account is compromised you may reach out to us. Our teams would be available 24x7.
Let's move towards making crypto a safe place. As users who have been in the space for sometime you should make newer users aware. On Bitbns end we would constantly work towards educating users from all our official channels.