Unauthorized access is a serious thing, so remember to make sure you have a good password and all the security measures enabled.
If you think someone has gained access to your account or you suspect that your login details have been compromised, then you must do the following steps immediately before even contacting support. Enabling 2-Factor Authentication is a good way to prevent this from ever happening.
If someone logged into your account but you still have access to it:
- Usually, if someone logs into your account we are sending an email about that if you can't recognize this device you can click on COMPROMISE link in the email. The faster you act, the higher is the chance to save coins.
- The first step is to download Google Authenticator or Authy (iPhone/Android).
- Turn on 2FA on Paxful here and scan the code with your phone. Remember to turn 2FA on for BOTH login and withdrawal as it will make your transactions more secure. We recommend using Google Authenticator or Authy over SMS 2FA as Google Authenticator is more secure. Just bring up the app and get the code every time you want to login or send bitcoin.
- Change your password to something secure (a password that you have NOT USED on other sites or emails). Be sure to remember to make a good password and remember it!
- Make sure none of your other settings has been changed such as your email or phone number. If they have been changed, change them back.
- Go to your active sessions (Settings -> Security -> Active Sessions) and log out all sessions by clicking on X.
- Log out of your account.
- Log back in using your new password and 2FA.
- Set your security questions and write them somewhere. You’ll need them if you ever lose your phone and need to reset your 2FA.
- It is advised that you change passwords to any other accounts you have online as hackers normally gain access by getting into your email or other accounts.
- If the support team can trace the hacker and recover any funds, we will contact you. Hackers often cover their actions very well and it is not possible to track them down to reverse bitcoin transactions.
If you can’t log in to your account:
- Contact support and provide your username, email, phone number, and security questions and answers to prove that the account is actually yours. Once it’s verified that you are the account owner, inform support that you need an ACCOUNT LOCKDOWN.
- Support will see if there is enough data to prove you are not the hacker (and will try to give you access to your own account).
- Once it is verified that you are the victim and rightful account owner, account access will be restored.
- As soon as you log in, immediately follow the eleven steps described earlier.
How did this happen and how can I prevent it from happening again?
With the bitcoin address and the IP address of the thief, you now have some information, but please be aware, that usually, it is not possible to track them down. Support does not have the resources to assist with a further investigation. Hackers take advantage of the anonymity of bitcoin and utilize VPN. Due to this, it is nearly impossible to find a trace of your funds, so try your best to make your account as secure as possible.
To prevent this from happening again, it is recommended that you don’t use the same password across websites and that you have 2FA with Google Authenticator enabled.
So where did the bitcoins go?
- Check your account activity to see who logged into your account. Take note of their IP address.
- Check your wallet ledger to see the bitcoin address they sent your coins to.
With the bitcoin address and the IP address of the thief, you have some information but it is often impossible to track them down. Support does not have the resources to help you investigate further because hackers often use VPN’s and the anonymity of bitcoin. It is nearly impossible to track them down, so try your best to make your account as secure as possible.