KuCoin Mobile Application for iOS
when you use the red envolope feature on the mobile app it doesnt require 2FA AND EMAIL, it only requires the TRADING PASSWORD
so this way anyone knowing only the trading password can withdraw by sending the funds as a gift to any other kucoin account, even after a few sends it will ask for email + 2fa + trading password....but if you wait 24 hours it will reset again, and now you can withdraw another amount
i believe this is a critical security issue, because a direct WITHDRAWAL requires ALL 3 security measures EMAIL + 2FA + TRADING PASSWORD, but here you can withdraw it bypassing the 2fa and email which are critical
just send the red envelope every 24 hours without typing the EMAIL + 2FA, ONLY USING THE TRADING PASSWORD
THATS ALL