Background

I have made this website to inform others about the extreme vulnerability that exists at eToro. I have tried to make it condensed and simple, presenting the relevant facts on how eToro is not securing clients funds as should be expected from a financial institution in the 2020s

What happened

• In the fall of 2021, my e-mail and eToro account was hacked. I engaged IT experts to look at it, but they have not been able to determine how it occurred. At the same time, in spite of asking about it directly, eToro has failed to reply if this could be the source of the hack:  Data leaking! Hackers are selling 62,000 accounts from eToro, the online trading platform (securitynewspaper.com)

• I didn’t have a massive amount in my eToro account; it was a silent small investment meant to be kept for the next decades and given to my children. When the eToro account was hacked and emptied the value was about USD 4500, split on four different cryptocurrencies

What eToro allowed the hackers to complete without interfering:

•I am a citizen of Norway and has never accessed my eToro account from any other location than Norway. I also seldom access it (ref that it was a silent savings placement).

•Despite this, eToro allowed the hackers to go into my account and change the account phone number to a cell phone number from Russia/Kazakhstan. They could of course easily have suspended my account for a security check when such an abnormal event happened, but they did nothing.

•Further, when the hackers performed their actions, they did it from an IP address publicly known as an IP address used in fraudulent activities (proven by the IT experts that has been studying the case). The information that the IP address is known for fraudulent activities are even easily available on the internet. Again, eToro could have suspended my account for security check when login from such IP address occurred, but they did nothing.

•I have never moved any funds from eToro to another platform or wallet. I have only made purchases of cryptocurrencies. Despite this, from an IP address well known from fraudulent behavior and with a Russian/Kazakhstani cell phone number added for the purpose, eToro accepted that all my funds were transferred away to an unknown bitcoin wallet

eToro customer service and response

•When I and IT experts started studying the case, eToro first provided a report containing many errors and where data was missing. Some weeks later they provided a new reports with different information, without explanation of why the information has changed.

•eToro claims I am responsible for protecting my account, and that nothing wrong has happened on their side. When I pinpoint that even social media platforms provides higher security than what is proven by the examples above (and I can prove that several well-known social media platforms reacts to such unusual behavior that happened my account), they refuse to comment.

•eToro says that it’s nothing they can do, and refer me to the Cyprus Ombudsman which they say handle my complaint

•I filed the case with the Financial Ombudsman, whom some weeks later replied that unfortunately they do not handle cryptocurrency issues/complaints (which of course is well known for eToro)

Legal considerations

•eToro is a registered financial service, obliged to take expedient measures to protect clients' funds (regulations)

•In my case it’s obvious that easy measures could have been taken by eToro to protect my account/funds and stop criminal activity when my account was accessed from an IP address well known for fraudulent activities

•A Russian/Kashakstan cell phone number was registered to my Norwegian account

•When funds were attemped transferred away from my eToro account to an unknown bitcoin wallet, in spite of the fact that I had never earlier withdrawn any funds from my account

•All of the above mentioned actions should alone have triggered eToro to suspend my account for a security check,but they didn’t do it on any of them!

•My legal advisors says it’s a relatively clear-cut case (given regulations) – but of course bearing in mind the procedural costs and resources involved in going to court in Cyprus, it is a monetary “lost case” as such. I am, however, considering it after all so that big corporations do not get away with such behavior. I will update this site if and when I chose to do so – to be continued.

Closing Remarks

•The point of this site is to warn other people about the lack of security measures at eToro so they can make a qualified decision on their supplier

•In my opinion, based on the above, having monetary funds with eToro possesses a great financial risk

•If you have similar experiences and want to share or otherwise want to get in thouch with me, you can e-mail: contact@crypto-securitybreach.com