VALR Process to log

D

Dragone

Member
Joined
Jun 23, 2013
Messages
28
Reaction score
7
Hi, recently had some bad luck with my valr account being compromised. I wanted to clarify what the process would be to log in and transfer funds out in terms of otp’s. My assumption from previous uses is that I needed to receive an otp text message when logging in as well as well sending cash or coins to other accounts.

Is this the case or is it possible into an account with an otp and then send money out without a further otp?
 
I use an authenticator and am required to input an authentication code for each withdrawal.
 
Dragone said:
Hi, recently had some bad luck with my valr account being compromised. I wanted to clarify what the process would be to log in and transfer funds out in terms of otp’s. My assumption from previous uses is that I needed to receive an otp text message when logging in as well as well sending cash or coins to other accounts.

Is this the case or is it possible into an account with an otp and then send money out without a further otp?
Click to expand...

10 Years... for this?
 
Speedster said:
I use an authenticator and am required to input an authentication code for each withdrawal.
Click to expand...
That was what I remember when doing it previously. The reason I ask is that my phone was stolen and they got access into my valr app. The issue is that two otp’s were sent at the exact same time to my otp contact(different number to the phone) and he sent them through at the same time together. Which to me would mean they could only log in at that point. No further otp’s were shared but they still managed to withdraw funds.
 
Dragone said:
That was what I remember when doing it previously. The reason I ask is that my phone was stolen and they got access into my valr app. The issue is that two otp’s were sent at the exact same time to my otp contact(different number to the phone) and he sent them through at the same time together. Which to me would mean they could only log in at that point. No further otp’s were shared but they still managed to withdraw funds.
Click to expand...
Sorry to hear about your loss - it sucks. It really does highlight the need to be extra secure with one's phone.

I moved all my sensitive apps to a hidden, secure folder.
 
backstreetboy said:
You can have sms based 2fa as well which you probably did
Click to expand...
completely useless, a sim swap gets around that in no time

backstreetboy said:
Just open a new account https://www.valr.com/invite/VAQUJKDJ and use app based authentication.
Click to expand...
errr ... you realize this is already a VALR customer right? you're not going to get any kickback when an existing VALR customer uses your referral link

and if VALR lets you open a new account without picking up that you are already a customer ... then it is time to move to a new exchange that has proper security controls in place
 
NarrowBandFtw said:
completely useless, a sim swap gets around that in no time


errr ... you realize this is already a VALR customer right? you're not going to get any kickback when an existing VALR customer uses your referral link

and if VALR lets you open a new account without picking up that you are already a customer ... then it is time to move to a new exchange that has proper security controls in place
Click to expand...
Will take him a while to regain proper access to the account. Might as well open a new one.
 
NarrowBandFtw said:
completely useless, a sim swap gets around that in no time


errr ... you realize this is already a VALR customer right? you're not going to get any kickback when an existing VALR customer uses your referral link

and if VALR lets you open a new account without picking up that you are already a customer ... then it is time to move to a new exchange that has proper security controls in place
Click to expand...
How does one do a sim swap when they don’t have the sim and it’a still active. I’m fairly certain they were not able to receive the additional OTP’s as they didn’t withdraw all the funds so doubt it was cloned, otherwise they’d have taken it all.

My account is currently frozen and I’m in discussion with Valr now trying to figure out how they got around the OTP.
 
Dragone said:
How does one do a sim swap when they don’t have the sim and it’a still active
Click to expand...
same way they get into people's banking apps: bribe someone who works at MTN/Vodacom etc

they don't need the sim, they don't even need your phone, that's the beauty of it:

SIM swap scam - Wikipedia

en.wikipedia.org en.wikipedia.org

Dragone said:
I’m fairly certain they were not able to receive the additional OTP’s as they didn’t withdraw all the funds so doubt it was cloned, otherwise they’d have taken it all
Click to expand...
glad to hear they didn't take it all then

Dragone said:
My account is currently frozen and I’m in discussion with Valr now trying to figure out how they got around the OTP.
Click to expand...
they'll most likely ask you to redo some KYC process, at least that's what they did when I lost my 2FA some time ago
 
If you want to further increase security, use your app 2FA only on a device that never goes online (old phone or tablet) and remove it from your active phone. My authenticator can only be accessed with fingerprint. Avoid SMS-based authentication like the plague.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X