Nucleus is targeting accounts with 2-FA disabled and taking the BTC from those accounts almost as soon as they land. If you contact them via support, they will claim you were phished. How can you be phished without clicking any external links to phishing sites and only visiting the market from an official link that you copy and paste from a static source every time? Hmm. Is the security on Nucleus really that bad? If so, wouldn't it be the worst market to use and one we should all actively avoid?
I think we all know this has been happening for quite some time now whether we want to believe it or not, and not just within the past 2 weeks. SWIM (someone who isn't me) had an issue that resulted in them being refunded by Nucleus on a 2-FA disabled account. They actually did refund the person, but before they could withdraw the funds that were just transferred to them they were already gone. This was on the same day the BTC landed, in less than an hour, without clicking anything and with a recently changed password and PIN (around weeks prior), just with 2-FA disabled.
It's sad that a market seemingly so great with so much potential has to pull such a scam. The best thing everyone can do is just enable 2-FA. Sometimes it's a pain, and we know why, but if this is going to be happening (which it is) and the scammers themselves say to just enable 2-FA then I think everyone needs to start listening.
To my knowledge, there have been no reports of this on 2-FA enabled accounts. Even though users who don't have 2-FA enabled are put at fault for not having it enabled in the first place, we all know the truth is just that a large majority of these people who haven't clicked any kind of phishing links have just been robbed by NUCLEUS, plain and simple, there's no denying it. It's easy money for them, a quick $500, $1,000, etc. and they can deny any requests for help and not respond because of their emphasis on why 2-FA should always be enabled, and the potential consequences if it's not. They just take advantage and capitalize on it not being enabled, and we should all be smart enough to know that by now.
If you don't believe this, or me, or any of the other people who reported this exact same thing happening (and imagine how many people this happens to who don't report it here) that's fine, go ahead and disable 2-FA and start loading BTC onto your account.
However, if you do believe this then all you should take away from it is that Nucleus is fucked up, and you should make sure to have 2-FA enabled so you don't get scammed by Nucleus.
Didn't read the whole wall of txt, but to answer your question of how you could be phished only using official links: you could be keylogged or ratted, or your traffic could be sniffed. You could use the same user:pass as you do other places. You could have a low-security password. Really, the possibilities are endless.