db:threat/credential-compromise
Threat
Someone else is answering your phone.
Credential Compromise
An attacker gets into your exchange account through some combination of phishing, SIM swap, credential stuffing, or password reuse, then drains the balance to an address they control.
The full threat page — recommended controls, incident references, and citations — is being prepared. The complete treatment is in Defending Bitcoin today.