Zimbabwe’s largest cryptocurrency exchange, Golix, has advised its customers to review their security after some accounts were compromised by as yet unidentified hackers. However, the exchange reassured customers that the hackers were unable to withdraw funds because withdrawals need two-step verification, although they may have been able to convert funds from one cryptocurrency to another.
We publish the full statement from Golix below:
Please be advised that in the three weeks leading up to the 12th of March 2018 we noticed that a limited number of Golix accounts fell victim to unsolicited third party access.
The information gathered so far indicates that this malicious activity was carried out through compromised user email accounts.
As a result of this intrusion, affected users have noticed some changes to their accounts such as the conversion of their cryptocurrencies and/or the acquisition of additional cryptocurrencies through already held US dollar balances.
This issue is a priority for us, as are all matters pertaining to account security.
We have a technical team that has been making changes to our systems and has already put in place measures that prevent the withdrawal of any form of currency from users' accounts.
Thanks to these efforts, we have successfully ensured that no funds are withdrawn from any account without full verification.
These measures, however, cannot work in isolation.
For additional security protocols, we encourage you as a Golix account holder to do the following:
1. Change your Golix account password by clicking on “Forgot password” before you log in to your account
2. Enable two-factor authentication using Google Authenticator on your Golix account
3. Change your email password
4. Enable two-factor authentication on your email account using Google Authenticator or other two-factor options that are not SMS that may be provided by your email provider
5. Do not use the same password for both your email and your Golix account
6. If possible, use a password generator to generate the email password for you
7. Avoid accessing your internet service over unsecure / untrusted internet services that you do not know are legitimate and verified internet providers
8. Avoid using your name, surname, children’s names, birthdays and other common attributes as your password
9. Avoid accessing your email and Golix account on public internet services like internet cafes
10. Do not share your password for any account you have with anyone
11. Take note of possible phishing attacks on your email – these are “attacks” that trick you into clicking on links in suspicious emails that come through your account which may lead to loss of private data
12. Please safeguard your privacy when it comes to information about your Golix account or how you deal with cryptocurrencies. Be very cautious about sharing unnecessary information about these issues, especially on public forums like WhatsApp and Telegram Groups and on social media.