@indepreserve@Devar A rarely scenario that could happen. Step1: User login website trading, not logout yet. Step2. Hack remote connect to user's compromised computer. Open your website without needing to login as the session is still there. Move coin away by entering the password only.