
I Spent 8000 USDT to "Security Test" Binance, and Binance Gave Me 2000 USDT as a "Thank You"


https://preview.redd.it/aa1u00m8smmg1.png?2730&format=png&auto=webp&s=704b2c4fbde106a8d5a71a60417449cfb2ca5797

I Became Another Victim of Binance's Security Flaws

On January 15, in Binance's official Telegram API group, someone impersonating an official staff member despatched a "signal software type" document. I immediately contacted Binance buyer help to verify the id, and I sent the suspicious file to Binance. After being informed it wasn't official, I deleted the file and ran a full antivirus scan on my PC, considering the danger was eliminated.

Timeline of Occasions:

  • January 15 – February 5: Binance acquired the suspicious file I submitted but never analyzed it. They didn't provide right danger administration steerage – only informed me to vary my password and e-mail. This month of silence set off the first domino.
  • February 6 (early morning, around 3 AM): Hackers bypassed all my security settings (password, e-mail verification, fingerprint/face ID, 2FA) and instantly logged into my account. They executed almost 50 high-frequency, illiquid choices trades (cross-trading) to regularly switch my almost 8000 USDT belongings to zero.

https://preview.redd.it/0fwtp6t9smmg1.png?379&format=png&auto=webp&s=d2b2b533fa7aadfcf6d063b85caf64a2ac4eee30

Binance later admitted: "The orders were not placed by the consumer" and confirmed the assault originated from the malicious .lnk file disguised as a .doc file I acquired, which loaded malicious .dll information to carry out the attack. But they also said: "As soon as the hacker logs in, the platform can't determine it."

This conclusion reveals three layers of failure in Binance's security system:

1. Failure in Danger Dealing with
After I proactively reported the suspicious file, Binance failed to research it for almost a month, gave no danger warnings, and only advised me to vary my password. That month of silence was the primary domino.

2. Login Danger Control is Nearly Nonexistent
Hackers bypassed all my safety measures: password, e-mail verification, fingerprint/face, 2FA. Binance still can't clarify whether it was cookie hijacking, 2FA bypass, or an unknown vulnerability.

3. Buying and selling Danger Control Utterly Failed
At 3 AM, hackers used almost 50 cross-trades on illiquid choices (buy at 7000, promote at 4000) to drain my funds. All through the method, Binance had no warnings, no intervention, no blocking. If login can't be secured and trading can't be monitored – what precisely is Binance's danger control protecting?

The Ironic Half: In 2024, a consumer suffered the identical assault technique (hacker intrusion by way of malicious information) and misplaced tens of millions of USDT. Binance then publicly promised to:

  • Improve login storage security
  • Strengthen cookie lifecycle management and backend verification
  • Improve irregular cross-trade detection

Two years later, hackers can nonetheless easily breach consumer accounts, and cross-trading stays unimpeded. Where did Binance's "safety improvements" go?

Binance's Response: All through this incident, I cooperated absolutely, offered essential information, and helped Binance determine the assault technique. But Binance refuses to acknowledge its duty. As an alternative, they provided me two "goodwill gestures":

  1. 2000 USDT cash
  2. VIP2 for one year (charge cap 6000 USDT) + 2000 USDT cash

I can't help but joke: "I spent 8000 USDT to security check Binance, and Binance gave me 2000 USDT as a thank you." If this were a bug bounty, my check value would be too high; if this were compensation, my loss was merely discounted. As for the VIP2 advantages – they feel like a merchant making an attempt to move off a fly as a peppercorn.

My Simple Demand: Based mostly on legal responsibility allocation, Binance should take full duty and compensate me 8000 USDT.

Last Ideas:
For a month, I've suffered from insomnia, nervousness, and melancholy. All I acquired were robotic replies: "Thank you for providing useful info. The knowledge you offered has successfully helped our danger control and security groups further optimize rules… We provide 2000 USDT as a goodwill gesture." Relating to liability and compensation, they remain silent.

Binance, can you really shield customers' belongings? Or will you just evade and move the buck when something goes mistaken? At present it's me, tomorrow it might be you. In case you're a Binance consumer, please share this and help extra individuals see – this isn't just about me; it's about everyone with belongings on Binance.

"Those that collect firewood for others shouldn't be left to freeze within the snow."

submitted by /u/Little_Bean_6666