Most likely a login session on the phone was not terminated, so the hacker simply re-entered Bitstamp, and at the same time the email account is usually auto-login; no 2FA is required.
There is a weakness on Bitstamp's side: you don't need a 2FA code to withdraw. Since your email session is usually always logged in, once malware has taken control of the device, it only needs to wait until you log into Bitstamp.
I just checked my computer: my email session is always automatically logged in, so it is also possible that malware can withdraw all my coins when I log into Bitstamp. Scary but true.
