Paxful is a secure site, Our servers are safe and no customer data has ever been compromised. On the individual level hackers are very busy trying to hack individual accounts. It is up to each user to educate and protect themselves with the tools available.
Here are the most common hacks and how to protect yourself.
- Social Engineering Hack
The hacker asks for the other person's mobile number then the email address assigned to the Paxful account. The go to the email provider (gmail/hotmail/yahoo) and try to reset the password. The email provider sends a code to the account owner phone. Then the "hacker" asks for this code in the chat, saying something like "this code need to be used to confirm the transaction". The other party gives them the code. In less than 2 minutes the email and Paxful account are hacked.
Solution: NEVER give your confirmation code to anyone and always turn on 2FA.
- Email Hack.
The hacker gets access to your email account some other way (poor password, using the same password on multiple sites, tricking you into telling them) and then uses it to reset your Paxful account password. The hacker will then be logged in as you are and will wait until you have bitcoins and then send them out.
Solution: Turn on 2FA and always use strong email passwords (combinations of letters/numbers/symbols and no common words)
Hackers create fake websites or apps that look like Paxful and trick you into logging in so they can record your email and password. They can then send out your bitcoins if you do not have 2FA on.
Solution: Always make sure you are on https://Paxful.com by typing it directly into your browser. DO NOT click links in email or on web searches. Be aware that PAXFUL HAS NO ANDROID OR iPhone APP! Make sure the spelling is exact. Scammers will use similar looking words or letters like replacing a lower case "l" (L) with a capital I (i).
Paxful will never ask you to send BTC anywhere and we do not do any customer support on Skype. Customer support is only available at here in this forum, and privately at www.paxful.com/faq or firstname.lastname@example.org
- Phone "Port Hack"
There is a vulnerability in carriers security procedures that can allow social engineers to port your sim card # to their phone and thus intercept your 2FA SMS codes. Several users have already been hit with this.
Solution: The best option is to TURN OFF SMS 2FA and just use google authenticator. If you continue to use sms then you will be vulnerable.
Bad password example
Good password example