I don't get the discussion about 2fa and Google. You also can use "WinAuth" and has nothing to do with Google. You can use it on a normal PC and not a phone. Also OP and the other victims mentioned that they didn't use 2fa. The intruder only used 2fa to get the API keys for his bot. The IP numbers are in the logfiles. But IP numbers doesn't say a thing, more....doesn't say anything.
The question stays how on earth did the intruder get the login info.
The question stays how on earth did the intruder get the login info.
Because this guy claimed his account was hacked and 2FA enabled to withdraw the stolen funds.
https://bitcointalk.org/index.php?topic=1423584.msg14482234#msg14482234
But to be honest , we have no 3rd party verification that anything that anyone has posted is true.
The victims must report the crime so it can be investigated.
