Desperately need help with suspicious activity on my IB account. I opened a small position on Friday close and logged out. Didn't open until today's close and, to my horror, my position size was 4 times the original. The API was disconnected and there were no instructions for automated trading through TWS. Audit Trail shows a large number of trades yesterday (Monday) when I didn't even log in the whole day. What's going on? Have I been hacked? Who's doing the trades? Only I have the security device to log in and I had it in my pocket the whole time. I managed to close the positions in profit. In fact, whoever did the trades was doing my a great favour and the profits would have been significant had I accidently logged in last night when there was a 20 point drawdown in ES; still, I'm truly baffled about what's going on with unauthorized trades. It has happened before in August and I did complain to IB, but back then the positions were much smaller. Time to switch the funds to other accounts?
Seems impossible since I couldn't have run a code. Gateway wasn't open, no API connection, just a manual entry through TWS on Friday after which I logged out.
Seconding. It would be virtually impossible for someone to casually stroll in to this exact account, get the 2FA right (it would at the very least require a compromised phone and/or email), KYC verification, etc. If OP has any sort of automation this is the likely culprit. It could also be standing limit orders (GTC) that they left open. I've been burned a few times fat fingering a key and then walking away. OP should be able to check order history and correlate the events. If an algorithm was running during the time the orders were placed, then it is the culprit. OP can confirm the unlikely chance a hacker has his account by asking IB tech support for IP logs (I can't remember if the user management interface shows this). If it's not a hacker, it falls directly in the pile of things that are labeled "strictly your problem".
Thanks. Just tried to open the logs after reading your post. TWS lets me see logs for all the days since the 4th of Dec, except yesterday, the 9th.
...seriously, I've been with IB for quite some time now and never experienced anything like this. This is a big red flag. Reporting it to CFTC and the Treasury through their whistleblower program. I didn't lose any money, but this isn't ok, folks. IB was already getting suspicious when it started to accept PFOF through its 'Lite' program, but this is kind of breach of trust is on a whole different level. Time to switch to a smaller FCM.
those responsible will pay the ultimate price. you willl see. it is more serious than a kgb double agent. i respect putins rules. im not joking
What did IB say when you complained to them in August? For that matter, what did support say when you contacted them about this latest incident? Any orders entered should be attributable to the API or TWS front-end, and likewise all logins to your account should be logged. It should take all of sixty seconds to figure out what's going on.