If you think someone has gained access to your account or suspect that login details have been compromised, here’s what you can do:
If someone logged into your account but you still have access to it, do one of the following:
Usually, whenever there is a new or unexpected login on your account, we immediately notify you via email with a link to report it and lock your account if you suspect intrusion. So just click the link in the email.
Your account is locked immediately, and all sessions are terminated. The faster you act, the higher your chances of saving your bitcoin. Next, contact support to restore access to your account. After that, take steps to protect your account.
Steps to protect your account:
- Change your password to something secure (a password that you have NOT USED on other sites or emails). Try to make your password as complex as possible, but at the same time, be sure to remember it.
- Check to ensure that none of your other settings, such as your email or phone number, were changed. If they were changed to something you don’t recognize, change them back.
- Go to your active sessions (Settings > Security > Active Sessions) and log out of all sessions by clicking the Close icon next to them.
- Log out of your account.
- Log back in using your new password.
- Download Google Authenticator(iPhone/Android) or Authy (Mac/Windows).
- Turn on 2FA on Paxful and scan the code with your phone. Remember to turn 2FA on for BOTH login and sending out as it will make your transactions more secure. We recommend using Google Authenticator or Authy over email 2FA, as it is more secure. Just bring up the app and get the code every time you want to log in or send crypto.
- Set your security questions and write them somewhere. You’ll need them if you ever lose your phone and need to reset your 2FA.
- If the support team can trace the hacker and recover any funds, we will contact you. Hackers often cover their actions very well, and it is not possible to track them down to reverse cryptocurrency transactions.
- It is advised that you change passwords for any other accounts you have online, as hackers normally gain access by getting into your email or other accounts.
If you can’t log in to your account:
Contact support and provide all the information required by our support agents. Once it’s verified that you are the account owner, inform support that you need an ACCOUNT LOCKDOWN. The support team will see if there is enough data to prove you are not a hacker (and will try to give you access to your own account). Once it is verified that you are the victim and rightful account owner, account access will be restored.
Once you log in, secure your account immediately.
How did this happen, and how can I prevent it from happening again?
To prevent this from happening again, we suggest that you don’t use the same password across websites and that you have 2FA with Google Authenticator enabled.
At Paxful, we are constantly improving our security processes to keep your funds as safe as possible.
So where did the cryptocurrency go?
- Check your account activity to see who logged into your account. Take note of their IP address.
- Check your wallet ledger to see the cryptocurrency address they sent your coins to.
With the cryptocurrency address and the IP address of the thief, you have some information, but it is often impossible to track them down. Our support team does not have the resources to help you investigate further because hackers often use VPNs and also because of the general anonymity of cryptocurrency. It is nearly impossible to track them down, so try your best to make your account as secure as possible.
Enabling 2-Factor Authentication is a good way to prevent any of these from ever happening.