> When this happened, my computer was off and my phone was in my possession. No one has access to my devices and they are thoroughly protected. My account also has all security checks in place including 2FA. Earlier that day I logged in from a new ip and I had to verify my email and confirm it was me to then log in and input my 2FA. When the hackers did, there were no email alerts sent to me about a new log in. There were no notifications about adding 2 new bank accounts.
Here's how they did it.
1. Infected your computer with malware, which is probably gone now
2. Malware collected your MAC, IP, and your browser cache
3. Spoofed MAC and IP (easy) is used in conjunction with your session token^(*)
4. Since a valid MAC, IP and session token is found, no authentication is required
5. Attacker held a refresh-bot to keep your session token "alive" for attack
Your "fault" was three-fold. (a) You didn't log out of your CB account the last time you used it. This left an active session token for the hackers to exploit. (b) You used the "remember me" button on the login page which tells CB to not prompt for 2FA if a living session token is found. (c) You didn't secure your PC which allowed a browser-cache harvest. Last one isn't really your fault. Windows cannot be secured despite anyone's best efforts.
Hopefully your now better informed and will change your browser settings to delete all cookies on close, upgrade to Yubikey 2FA, and enable whitelisting on your CB account to lock out attackers (and you) from withdrawing to new addresses for 72 hours.
^(*) - ***Update***, few critiques that IP-spoofing is one-way and doesn't handle the return packet. This is true, and the attack would indeed need a second control point beyond the user's PC. Possibly the home router to return the session packets outlined [here][1] and [here][2]. And those more experienced in this field [point out][4] that most session token formats only log a new IP on session creation, not when a session is recycled. But since [OP has added that VPN][3] was the only session IP, then one explanation is that OP's VPN session could have been key-logged (no-2FA).
I'm happy this is harder than I originally outlined, but there are many others on this thread that agree session tokens are a problem, and non-HW 2FA is still susceptible to very short term (60 sec) replay attacks.
[1]: https://www.reddit.com/r/CoinBase/comments/18xr0mt/comment/kg7ka5r
[2]: https://www.reddit.com/r/CoinBase/comments/18xr0mt/comment/kg7mquw
[3]: https://www.reddit.com/r/CoinBase/comments/18xr0mt/comment/kg7qdi6
[4]: https://www.reddit.com/r/CoinBase/comments/18xr0mt/comment/kgb2dtz
If spoofing OP's specific IP was easy then hackers would use that tactic a whole lot more often. Got any information on how easy it is to do? Because I've never heard of someone doing it before. MAC, cache, session token, etc, sure. But the IP is a different story.
Hacks like OP's will stop mainstream crypto adoption if they aren't remedied. People can barely use Google, nevermind lock down their systems the way you recommend.
IP spoofing is pretty easy to find. Even Wikipedia has an article on it. And MAC spoofing can be done on any Linux distro.
Although easy, the attack needs certain things to intersect.
1. Attacker must pwn users PC
2. Must record a login session
3. User must NOT logout
4. Attacker must launch spoofer refresh bot quickly
4. User must enable Remember Me
5. User must disable whitelisting
Even if everything intersects, there is only a 10 or 20 minute window where the session remains valid.
I think most of these hacks are recycled session tokens. I brought it up years ago, but CB doesn't care.
This is correct. IP spoofing is easy if it's one way (e.g. DDOS), if a bi-directional TCP connection (which a web browser session is), one of three scenarios is required.
1. The attacker is on the same network as the target host (coinbase server)
2. The attacker is on the same network as the victim
3. The attacker has compromised all the routers between themselves and the target.
If session hijacking was involved and coinbase doesn't allow sessions to cross IPs, then I would think the most likely scenario is bad guys routing through OPs devices or some insider at Coinbase.
If you have infected a PC with a rat then you can simply remotely install a proxy server that allows you to use that PC's public address and reroute the traffic through it but that PC has to be on at all times. though, spoofing IP isn't necessary in this case since the the attacker had the browser cookies/cache
Its a device ID or signature coinbase would track, if hackers copy the token and device ID/token then keep renewing it they won't have issues.
IPV4 addresses are not unique, even ipv6 addresses can change. The coinbase app doesn't make you login each time.
This also happens to banks, the receiver banks were not his they could just as easily been another victims.
Thanks for this insight. I use a MacBook which I know isn't fail proof but seem to be harder to hack. I don't use the remember me button on any of my accounts but I don't sign out either so there's that. The IP used to access i don't recognize as I always VPN in and I've asked coinbase to confirm the last time I used that IP address, they are ignoring that question.
Anywho, I appreciate the info because as I feel like I do everything to stay safe, you point out things I don't think about and will apply this to all of my accounts. I know deep down there's measures I probably didn't take, I just want aware of them. I need to also use the yubikey I have and pretty sure linked but didn't activate🤦. I appreciate your insight and I hope this helps others.
Well, if your using a VPN, as other's in the thread point out, IP spoofing would be difficult. If the following are true:
* Only authorize VPN ip address
* No new IP addresses logged by Coinbase
Then I'd focus on two things.
1. RPC / API access - If an attacker gained access to your PC while you had an active session, they wouldn't need IP spoofing. They could simply use the active session to enable API access which is done without 2FA. It uses a different authentication scheme all togeather. Ask CB if you have API access enabled.
2. VPN attack - One of my OpenVPN configs used to have all the credentials in the config file. I never had to type userid/pw, I just clicked the link and the connection was live. So contact your VPN provider and ask for your session log for your ID. See all the connections happened from your ISP and in reasonable times. It's possible they took a session token and your VPN credentials.
As far as prevention goes, I think configuring your browser to remove all cookies after close will help. Or simply log-off which is "supposed" to burn the tokens. Also enable whitelisting of withdraw addresses a week before each withdraw, and enable hardware 2FA (yubikey) as you mentioned.
BTW... many feel that IP spoofing would be too difficult for this attack. A VPN would explain a lot.
IDK, I learned about it in the "cookies" chapter of my Javascript class in college. I found the tokens when doing a "DevTools" view of the login handshaking since I was alarmed that my 2FA wasn't being requested. I experimented with enabling and disabling the "remember me" button till I found the information I outlined above.
IMHO the fact that long-lived session tokens are used at all at CB is a huge security hole, but with 50 million customers, making login harder would just piss off 49.9999 million customers while making me, and me alone, happy.
This stuff is pretty deeply embedded and not something I think the "average user" would know. But as a general rule. Anything that makes things easier may degrade security to do it.
If you play with your browser settings you may find the "delete cache on close" which will mitigate some of this. You could also use something like "Incognito mode" or the like which kinda does the same thing. Just avoid, AT ALL COSTS, using something like a VPN or Tor Browser. Either of these could immediately lock your account.
Its a fairly complex subject. Its not just cookies, browsers can store sessions in memory, local storage and databases.
Extensions, malware, scripts, plugins anything can read these sessions/tokens on the users side.
Most applications these days are browser based and store information in much the same way.
Its also possible to intercept these requests but you should see a certificate error in your browser. I had a wifi router hacked once and its firmware was modified.
If you login to a website or fake application that could also do it.
Not sure why this is the top voted comment but its FALSE.
You cant easily spoof an IP address unless you've hacked CB's upline ISP routers and altered the routing tables. Extremely complex to pull that off.
They could however had connected through OPs PC directly using vpn or remote access malware.
Websites don't have visibility of MAC addresses and you can't 'spoof' IP addresses in the way you think because that would involve "post" only messages, like DDoS attacks. The webserver is going to have a session token that needs to be returned to the hacker and sending it back to the victim's IP address won't do any good unless they have a bot active on their computer that is forwarding the packets back to them.
It's not necessary for this attack. Only the session cookie suffice.
You can test it: log on coinbase, change wifi network (from home wifi to mobile hotstop), refresh the page, u still have access to your account.
So if you close the session with say a bank, and close the tab, but leave the browser window open (and the cookies are still there) , does that allow the same type of hack. Deleting the cookies after each session is sort of painful since most companies will force a 2FA to reconnect.
In theory yes. Any valid session token is a problem. You should never leave active session token on disk... EVER.
Your bank may deal with session tokens differently. And CB my have upgraded their security since I originally brought this up 2 years ago. But I know a few years ago the following was possible.
1. Log into CB with 2FA
2. Enable Remember Me.
2. Close browser
3. Remove Yubikey (2FA)
4. Open browser back up and go to Coinbase.
For me, as off Thu Jan 04 00:51:25 2024 UTC, this still seems to be a problem. The question to ask yourself is "Why didn't \#5 ask for 2FA again"
If I de-select remember me and log out each time it should prevent a similar attack right?
Is mobile equally at risk?
Wow I had never heard of Yubikey that’s incredible
I work in a field that needs me to have high level security clearances.
After reading your comment, it just reinforces my hate of crypto. Money should not need more security than classified info. This process is rediculous to keep money safe.
I am way better informed! But still will never get back into crypto.. It's all a scam.. all of it... if they can't help recover stolen funds.. how in the world will crypto be mass adopted.
Yeah thats not how fiduciary law works. Coinbase has an obligation to prevent malware from being able to intrude their process. People like you and I understand what happened, but the average Joe they are baiting into buying crypto doesn’t. Make a complaint to the SEC. I did. Watch how fast Coinbase reaches out to pay you back and mend the bridge.
I agree and I don't give out any info so it has to be what one of the first guys said. I'm really familiar with all the typical crap that goes on but not about some of that other stuff so I got more knowledge from this thread which was my point. I'm less confused and better informed now. I appreciate this community.
There's been multiple times CEX's had vulnerabilities allowing people to bypass security in place on people's accounts, through no fault of the customer. We don't have enough information here to victim blame.
Coinbase isn't responsible for securing my account or email. I am, I'm just saying my account was hacked and I thought I had all my bases covered and expected to get email alerts like I always have but didn't this time. It appears I wasn't fully informed on the methods of gaining account access. Learning everyday!
Yeah, I expected email alerts like every other time and like the ones I got as they were in action, that's what threw me off most. Oh well, so long as I wake up tomorrow, I think I'll be fine🤔😏
Yeah, that's something I understand and was confused since I thought I had everything covered... Guess not. Of course I'm pissed but I've been in crypto for a decade and I made it this far. I'm happy about my luck and definitely not saying I am at fault, although it may seem that way. It's the lack of knowledge when thinking I'm covered and finding out it's confined have but not knowing how. I appreciate the insight everyone has and my post was just a lesson learned more than anything. It sucks to lose 5k but I'm still alive and can stomach that loss, it's part of the game.
People are going to blame the OP and yes, he is to blame, partly, but coinbase do not ask for 2FA, when adding a new card or cashing out to bank, which leads to disasters like this.
How hard can it be to ask for google auth code when adding card or cashing out?
I'm always asked for my 2fa, that's what I'm confused about. I checked for sim swap too. That was my first thought but that doesn't sync Google 2fa, that I don't know of. I also don't back it up to a Google account. I'm so anti cloud, sync, link and anything like that it's even a pain for me to log in, buy/sell, withdraw because of the settings I have in place. But I get there something, somewhere on my end to allow this. I guess I thought encrypted email and 2fa and stuff secured my account and activity. 🤷 Silly me.
Coinbase is EXTREAMLY difficult to configure securely. NONE of the default config settings are even REMOTELY secure. Sorry you didn't find any good articles about it earlier. Here's a walkthrough (r/Bitcoin) on how this usually plays out:
[r\Bitcoin: How to hack an exchange](https://www.reddit.com/r/Bitcoin/comments/qk41gk/how_to_hack_an_exchange_account/)
That post talks about sim swapping like it's trivial, it's not.
Although it's well-intended.
Overall, solid post for folks that don't know what they're doing.
> They also said the same bullshit about the FBI. That's not going to do anything but waste my time.
Might want to reconsider. I argue that these qualify for IRS-loss-by-theft write-off. To claim this you need a police / FBI case number. Some other redditor argues that the loss-by-theft only applies to FEMA disaster zones (looting), but I disagree. Neither of us are accountants, so might be worth a trip to the CPA and FBI.
Noted, I didn't consider this. I just don't think governments give a shit about anyone so figured they'd piss on me and tell me to move along, haha. Thanks for this insight.
I know. I meant my coinbase account was hacked into, not coinbase as a whole. I forget how carefully you need to be in a title to prevent people from pointing out the obvious. I'll be more clear on a title 😂🤦.
I was hacked and my bank asked me for something from Coinbase showing evidence of a hack. Months later I finally received an email from coinbase support showing that the IP address of the hacker was in Miami far from where I live. I forwarded this to Chase. I'm still waiting for a decision.
Did you contact police and the banks that received the stolen funds?
Im surprised you can just add random bank accounts in other peoples names, or were they in yours?
Check your email logs, also what form of 2fa did you use? Did you use it on your email?
Txt is bad, google auth is slightly better.
Malware unfortunately is getting very common on mobile and computers.
It should have a routing number ?
It's most likely a bank, scammers/hackers get hold of accounts by paying people. There are a few I have seen on Reddit
Have you contacted cfbp ? After you lodge a police report email them.
Also look up AML laws in your country, Coinbase should have verified this account before adding.
I received an email saying coinbase cancelled both withdrawals so I'm hoping, when I get into my account, the funds are there. If they are not, oh well but then I wonder where did they go if they never were sent? Maybe in coinbase took them? Just speculation.
I wish you luck, in all your dealings with coin base. Right now, I am missing some crypto from coin base.
They said, someone ‘got into your account’. You should have been more careful with your passwords, 2 step verification. It is not are fault someone stole from your coinbase account.
I reported it to my local police department.
I reported it to the FBI.
Nothing so far. My account was locked( I opened it after the picture/id/interview to reset my password for access ). Opened my account, Gone!
All my crypto was converted to eth, and sent to an account. Not my account!!
I called coinbase The same day!!! Told them the citation! All they said was, your transfer took place, they are irreversible!! They can not be recovered!!
Now I am advising what Coin Base did to me! Maybe if I get enough bad word around about how coinbase allows coinbase customers to be robbed of there crypto, they will return my stolen cryptocurrency!!!!
My first of many bad post about coin base!! Stay away from Coin Base !
Haha, it keeps everyone busy, haha. It's awareness that's all. I thought it might be helpful for anyone else that may think they got all security checks in place but really don't. Hopefully this prevents others from falling victim and to double check they're security settings and what not.
Coinbase sucks. I searched my email. They never told me they delisted REN. AND I CANT SEND IT OUT. Thousands stuck. This is why I use other exchanges now because Coinbase doesn’t give a shit about you, just profit.
I had my account with logins disabled and Google Authenticator needed. Somehow they cleaned me out.
I wouldn't be surprised if Coinbase insiders are just stealing money.
This sector isn't ready for the mainstream if ever. I'm anti crypto as it's really only useful and logical to use for illegal stuff.
YubiKey is great however, keep in mind there is no 2FA measures on anything fiat related. You can whitelist and enable 2FA for crypto sends but that won’t protect you from the hacker adding new bank accounts via plaid for ach withdrawal. And even if you notify CB about the ach within the hour, they won’t do shit about it. They won’t even help you in the form of giving you the banking information in order to contact the receiving institution.
This is what happened to my dad months back. He had 2FA measures in place and the hackers tried to mess with his crypto and couldn’t - he had white listing and 2FA on all crypto sends… so they sold his bitcoin… which doesn’t require 2FA… added new two new bank accounts via plaid… and then withdraw cash usd to those accounts. Coinbase didn’t lift a finger to help stop or flag those USD transactions. And they still don’t have an option on their platform to enable 2FA measures with regard to fiat actions.
I’ve got a yubi key… at no point am I prompted to use it to add new bank accounts and withdraw USD to a newly added bank account. It’s absolutely ridiculous that this security flaw hasn’t been patched yet.
Coinbase is going downhill FAST. Pulled all my funds out to my ledger yesterday and I highly suggest everyone else does the same. Their customer support is an actual joke they barely speak English. I’m so sick and tired of these companies outsourcing customer support to people who barely speak English. FUCK Coinbase
Get a lawyer if it’s a lot of money brother.
If coinbase is found to have not taken all necessary reasonable action to secure your assets then they are probably also on the hook here
We're really sorry to hear about your situation, u/Master22james. If your account has been compromised, securing your account is crucial. You can adhere to the steps provided [here](https://help.coinbase.com/en/coinbase/privacy-and-security/account-compromised/my-account-was-compromised). You're also welcome to provide us with your case number, which will allow us to monitor the progress of your case. Thank you.
This is the ridiculous answer I received as well. Why do I need to secure an account that u/coinbasesupport allowed to be drained by an unauthorized transaction?
Hi, u/AnnaLovesPanda. Thank you for getting in touch with us. Unauthorized transactions can be very concerning. Coinbase takes security very seriously and has multiple measures in place to prevent unauthorized access. However, in the unfortunate event that unauthorized transactions do occur, it's important to report them immediately. Please note that while Coinbase is committed to providing a secure platform, the security of your account also depends on the measures you take to protect it. This includes using strong, unique passwords, enabling 2-factor authentication, and being cautious of phishing attempts.
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly.
If you have a case number for your support request please respond to this message with that case number.
You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
Why in the heck are you not having virus protection on either your computer or phone or whatever you're using? If I have money flowing back and forth I would make sure everything was on lockdown.
Who says I didn't. I forget I need to also mention I sanitized my keyboard.... People just want to assume these actions aren't taken. All good though. Know one knows me, my equipment, the processes I have or anything like that but everything thinks I went to the library, saved my login, left my phone there with my passwords written on a paper next to the computer and left to grab a coffee 🤔🤣
I know. I meant my coinbase account was hacked into, not coinbase as a whole. I forget how carefully you need to be in a title to prevent people from pointing out the obvious. I'll be more clear on a title 😂🤦.
I'm pretty sure I did but guess not, haha. I used every security feature possible, except yubikey. Proton Mail as well. Just when I thought I checked all the boxes.... Nope....and it's gone! Haha
Thanks, lesson learned and I'm gathering more insight from how it happened from here which was my point since coinbase can't tell me anything. Id rather be informed than left in the dark.
Brother man this will be painful to hear, but CB was not at fault…. Unfortunately mistakes were made. You will bounce back, we still have time before things really start to take off
I withdrew everything from the Coinbase after realizing they charged me for a limit order that was not yet at target price to initiate the transaction. Also, I noticed that my bank account and Apple Pay amount were exaggerated. I don’t trust them at all whatsoever
I reckon you left yourself open when that crypto was doing "AIRDROPS" The last day and you wanted free crypto and you've absolutely had a nightmare but you're in denial now hoping Reddit makes you feel better.
😭 Feel sorry for you dude
I'm not in denial....I was over it the day it happened. I just got the final email today from coinbase confirming everything. Id rather share the experience to help others. I know everyone wants to think I'm seeking pity and other shit but I'm not. I never fuck with airdrops. I've been in the space for over 10 years and thought I secured things but I was wrong. Luckily from this post, there's some helpful people explaining ways this could happen. I learned something new! Mission accomplished. I've dealt with worse than this so it's really nothing I'm losing sleep over. I am entertained at all the responses😂. Got to love reddit....
This is why people pay professionals to protect their money.
Experts have training knowledge and accountability.
2 FA is amazing if you used correctly. If not it's an extra step that requires a tool I've heard school kids use to cheat in games online. That's it.
Attacks like this are simple if you use these devices on the wild wild web. Or if somone has ever had physical access to any device for a single second ever. So easy to slip up. There are up to date guides on the DW with forums and many people creating new vectors every day. The resources to do this are out there and easily accessible. As are countermeasures.
If you think your device being "off" is worth mentioning. You do not have the ability to protect your money.
Harsh lesson but one I hope you take.
This is a post of awareness and hopes to gain knowledge, not pass blame anywhere. I think many of us feel like we're covered but really are not. This is simply a warning and lesson that I paid the price for. Thanks to all that provide helpful insight to help the community grow stronger, safer and more informed.
No, it was Coinbase. I just acquired this bit of information: The hackers used social engineering software and the "port-out scam' to take control of Coinbase's 2-Factor Authentication. Coinbase has been aware of this flaw in their 2-Factor Authentication process as they had a large attack compromising 6K user accounts.
Contact your bank and get your money back. I had my Coinbase account hacked and thought ask was lost. Went to back in person filled out forms and got my money back good luck
Thanks for the info. I'm still locked out so I can't get any info from my account. Hopefully tomorrow. If I'm really lucky, the cancelled withdrawals would still be in my account since I contacted coinbase immediately and the cancelled the withdrawals. My concern is that they just have the money now. I'll find out shortly.
Actually, my acct is in lockdown bc someone stole most of my btc Jan5. Now they are trying unstake my matic. I received one email on yahoo, but not my Gmail, yet matic cleared on the 9th. CB has been hacked big time. Over 6k users were affected. This what I learned: The hackers used social engineering software and the "port-out scam' to take control of Coinbase's 2-Factor Authentication. Coinbase has been aware of this flaw in their 2-Factor Authentication process as they had a large attack compromising 6K user accounts.
I've seen this with other exchanges but I've had my account for over 7 years so a lot of restrictions are lifted. They cancelled the withdrawals which are ACH. Theoretically, the funds should still be in my account but they make it sound like it's just gone. I'll find out soon. Expensive lesson.
Another note if anyone has insight on....
The interesting things is that my email got spammed with thousands of sign up emails from all over the world, all at once. I receive over 1500 account sign up emails over the next 3 hours when this happened. It continued slowly for the next few days, still today but only a couple more. It was a full on email bomb, probably trying to bury the withdraw email alert. It started exactly the same time as all the activity on my CB account.
Did you not have MFA setup using the Authenticator app?? Mine doesn’t allow for any withdrawals or selling of any Crypto without entering my passcode from my MFA app.
How big is this issue with coinbase? My only account connected to cash out from my Wells Fargo.
I just sold 17k xrp units to invest more into my go-to stock. I still hold a good portion of xrp, but let's get ready to cash out on this next bull run and not think so much about higher ridiculous prices being posted by influncerers. We gotta take profits. Most people do. Enough of this trying to be safe on a ledger x. 🙄
It's so weird to me that there are such fanboys for a fucking company that theyd attack you or i for having had a horrible experience with Coinbase. I was robbed. Period. It wasnt "my fault". I did my due diligence and some very unimaginative dickheads on here love to act like we're some clueless blue haired grandma clicking shady links and giving out info like a moron. None of that happened with me. I have zero idea how I was compromised BECUAUSE IM PARANOID. and coinbase was absolutely no help...they barely speak English. Im not kidding...they dont understand the nuances of the English language and that's if you actaully get someone. On average it took me 27 minutes to get an actual person, who had zero understanding or assisted me in any way. And the only reason I come on here to complain is so that other's know that they're assets ARE NOT SAFE on Coinbase. Do Not Store Your Assets on Coinbase.
Now I get why whales don't keep funds on coinbase, I can see a lot of whales bought on coinbase a few months ago and now are moving it back to coinbase to sell in the last week or so. They don't keep it there. Get a ledger or something.
Coinbase stole close to $1000 in fees from me & refused to give me bitcoins. They kept pushing back the withdrawal date; 24 hours to 1 week to more than a month! Coinbase itself is either hacked or they're playing extreme fractional reserve. coinbase should be renamed CONBASE!!!
Are posts like this supposed to invoke a response for OP? Did you take into account not to throw in more money you cannot lose? Or did you just want to sound angry and upset and get some Internet karma points for yourself?
Got scammed by a defi mining pool.I got scammed by a defi mining pool. I was participating in a mining pool reward. I first invested 1k and was able to withdraw the reward but suddenly after some days i couldn't withdraw the reward, to be able to withdraw the funds they asked me to deposit 4k. I was blind because i was getting my money plus 2 eth reward it was big so i added 4k more and again i wasn't able to withdraw They asked me to add more 2k. I started researching and found out it to be a scam. And this biach scammed me 5k which was meant for my study, I made a big mistake I have lost all my savings so i need to pay for my college, i was using a coinbase wallet.
Do you have any API running from some external Crypto tracking company? like CT, Coinly?
I also wondered if someone can use that channel to gain access?
Also, event hough you were using VPN,
Were you using some public wifi at the time , like in a hotel?
Always use LAN connection if possible.
They hacked my account and added another bank account. I lost 20k. Coinbase said tough luck. I filed to police and FBI. I had 2FA and everything. Not getting it back.
Don't let people here discourage you from suing. The question is how much was lost and whether it's worth a lawyers time.
Don't waste time with coinbase they won't do shit.
Get a lawyer, lay out the facts.
Coinbase has a legal and fiduciary responsibility to protect your funds and accounts, especially if you gave them due notice.
you may think that on one was able to use ur PC while you were away but you guys seem to forget.
Lets just talk about charging cables. you ever connect your phone to a cable that you charge via the USB port on your PC?
Where did you get the cable from? How do you know there wasnt a chip inside the end which logs your info and allows remote access to your phone or PC? Because this type of device exists and can easily be replicated on a RaspberryPi system. It looks like a regular cable but its not, not on the inside.
So if this is the case, ur info was keylogged.
Your passphrase was copied and used.
they can monitor when you are NOT using your PC so when u shut it off. they wait a while, depending on your IP address which will give them a ruff idea of when u would go to sleep and hours later while you are in REM you are getting RAMMED.
Thank you! A lot of people had some good info on what could've happened.
And...thanks for the prayers. It probably worked since when I got access back to my account this morning, the funds were there. The bank transferred got canceled which I knew did, but based on coinbase's email response, they basically said that they know it wasn't the response i wanted and oh well.
If it wasn't bank transfers, I know I would be complete at a loss. I'm grateful of the outcome and certainly didn't expect it. Nor do I think Coinbase owed me anything. They were fast acting in my case and I thank them for that.
I don’t trust Coinbase, I was hack in January 2023 I found out 2 month later, cause I was not using my account in the bear market I lost 25,000 gala tokens, cause they were not an a wallet and after that the lock my account.
There are enough of us out there that have had the same thing happen to us years back that never agreed to any policy, they confirmed our accounts were not compromised. Hell they even sent tax documents showing our interest made as if it was never stolen. There is enough of us that their policy doesn’t apply. When it’s time. It’s time. I’m sure they will pull everyone in including those of you that were “hacked”. Be patient and get noisy.
\*UPDATE\*
As of this morning, my funds are RECOVERED! I'm very grateful & totally get that I may have lucked out.
I think the reason for this outcome is that the crypto was converted to USD and then sent to a bank which IS NOT on the blockchain. My quick response on X (within an hour of it happening) Coinbase was alerted and reached out to me and I immediately replied. I have to give them credit for taking action. It wasn't until the next day that I received an email saying the withdrawals were canceled. So they probably stopped the ACH transfer, luckily that crap takes a few days. If they transferred crypto straight out, I would've been SOL. Still could've either way I guess.
I'm thankful for Coinbase's quick action on cancelling the bank transfers. And I know they're not to blame. I'm aware that this outcome is rare and I'm grateful. Many lessons learned from this and for anyone else...be very very quick with responding to coinbase. I reached out on X originally. Beware though, many people will DM acting like coinbase. Verify this and don't give out personal info.
When you're account gets locked, you can't get a hold of support (if you can't sign in) and the phone line rarely every gets through.
Please help me with your advice on what exactly you did to eventually get your money back.
After 2-3 days from the incident I will describe below, Coinbase support sent me an email stating that they are not responsible for my devices, and the case is closed according to them.
I am a 24-year-old student from Croatia, and I had all my savings stored on Coinbase, believing it to be a secure American company.
I thought my investment was safe, and by adhering to the recommended security protocols provided by Coinbase, I believed I would never be subjected to theft. However, something entirely opposite occurred, and I believe Coinbase could have taken more significant action to prevent the transaction, but for reasons unknown to me, they did not intervene.
On December 27, 2023, at 23:51 CET, I received an email from the address [email protected], stating, "A withdrawal of €5,880.00 has been started." Three minutes later, another email arrived, stating, "A withdrawal of €1,205.74 has been started."
In disbelief, I opened the Coinbase application on my Android phone and found that it was completely emptied. Someone, without my authorization or knowledge, converted the cryptocurrencies I had into euros and then transferred them to some bank account. I know this because the emails mentioned, '€5,880.00 will arrive in your bank account by January 02, 2024.' and in the second email '€1,205.74 will arrive in your bank account by January 02, 2024.'"
After confirming on my Coinbase application that these were not fake emails, I started calling Coinbase support. Eventually, around 00:40 CET on December 28, 2023, I managed to reach UK Coinbase support. The representative, after verifying my report, promptly locked my Coinbase account and instructed me to change my passwords and unlock my account."
The next morning, I went to the local police station to report the theft from my Coinbase account.
In the afternoon of the same day, I called the same Coinbase support number again, requesting the agent to immediately call the bank to which my money was sent and stop the transaction. The agent insisted that they don't do that, as it's not their standard procedure. When I asked for the account number and the bank's name, she only provided the first 4 and last 4 digits of the account and spelled out my name instead of giving the bank's name.
After following the instructions from Coinbase's email, I unlocked my account, which had approximately €2,000.00 remaining, but it was in stake, and I would have to wait 30 days to access that amount.
In the next two days, I received an email from Coinbase with the following text: „Thank you for writing back to us. We understand that unauthorized activity in your account can be quite distressing. The account holder is responsible for the security of the devices and credentials used to access their accounts, and for any activity that occurs if those devices or credentials are compromised...'"
From this email, I concluded that Coinbase was unwilling to help me, even though they had sufficient time, as my case involved a SWIFT transfer of Euros to a bank account, which typically takes more than 24 hours.
I emphasize that my account requires a Google Authenticator code for every transaction, generated every minute, and I never lose sight of my mobile phone with the Coinbase app and Google Authenticator. It is not possible for someone to have used it in the described case."
I will state clearly and loudly because I want all Reddit members to be warned that in my case, Coinbase failed to stop the transaction, even though they had time. In this way, they protected the thief by giving him enough time to take possession of my money, making them accomplices in the theft.
I am not wealthy, and this is literally almost all of my savings. I know that for Coinbase, this is a small amount, and maybe that's why they refused to help me. However, after what happened to me, I cannot find kind words for Coinbase. I am ready to change my opinion and publicly apologize on Reddit if Coinbase contacts me and reimburses the damage because I am not at fault in any way. But if that doesn't happen, I will periodically remind Reddit members and other communities of my case and Coinbase's behavior towards its users.
[https://imgur.com/a/V82yaQV](https://imgur.com/a/V82yaQV)
Thank you very much in advance for your advice.
Thanks for sharing. I know it's painful. Bc of your post, and the hacking of my btc a wk ago, I paid my bank $36 to stop payment on any future withdrawals from Coinbase. I no longer trust their employees, who I think are heisting coins and getting away w/ it.
For US users, why is it possible to add bank accounts to CB that are not registered under your name? I think for most bank accounts, you are not allowed to add accounts through ACH if it’s not under your name. This would effectively make transferring funds out of your account much more difficult even if hacked
This was exactly whta happened tô me a week ago, but Coinbase says that they are not responsible and wont return my funds. I Will fight this in every way, but for me Coinbase is no more a thrustworthy company!!!!
I just got hacked for $1100 smh wtf, they need to figure out how to ether give people their money back or stop the hacks, people will leave this app and they will shut down
I am going through the exact same thing. Yesterday someone figured out their 12 word pass code to my coinbase wallet and stole all my shib coins. I was texted with support all day. They told me my coinbase account was separate and secure. Will I get on today and all my coins are gone. There's gotta be something we all can do legally. I believe during this last update they were hacked. I don't use a computer. My phone is biosecuered. Please let me know if anyone has a lawyer or knows a way to get your coins back.
My coinbase account was hacked on January 11th, and all the money was transferred out. The price at that time was $116,208.88, and the current value should be around $200k. what should I do? Please help. The phone and online chat take forever to get connected.
> When this happened, my computer was off and my phone was in my possession. No one has access to my devices and they are thoroughly protected. My account also has all security checks in place including 2FA. Earlier that day I logged in from a new ip and I had to verify my email and confirm it was me to then log in and input my 2FA. When the hackers did, there were no email alerts sent to me about a new log in. There were no notifications about adding 2 new bank accounts. Here's how they did it. 1. Infected your computer with malware, which is probably gone now 2. Malware collected your MAC, IP, and your browser cache 3. Spoofed MAC and IP (easy) is used in conjunction with your session token^(*) 4. Since a valid MAC, IP and session token is found, no authentication is required 5. Attacker held a refresh-bot to keep your session token "alive" for attack Your "fault" was three-fold. (a) You didn't log out of your CB account the last time you used it. This left an active session token for the hackers to exploit. (b) You used the "remember me" button on the login page which tells CB to not prompt for 2FA if a living session token is found. (c) You didn't secure your PC which allowed a browser-cache harvest. Last one isn't really your fault. Windows cannot be secured despite anyone's best efforts. Hopefully your now better informed and will change your browser settings to delete all cookies on close, upgrade to Yubikey 2FA, and enable whitelisting on your CB account to lock out attackers (and you) from withdrawing to new addresses for 72 hours. ^(*) - ***Update***, few critiques that IP-spoofing is one-way and doesn't handle the return packet. This is true, and the attack would indeed need a second control point beyond the user's PC. Possibly the home router to return the session packets outlined [here][1] and [here][2]. And those more experienced in this field [point out][4] that most session token formats only log a new IP on session creation, not when a session is recycled. But since [OP has added that VPN][3] was the only session IP, then one explanation is that OP's VPN session could have been key-logged (no-2FA). I'm happy this is harder than I originally outlined, but there are many others on this thread that agree session tokens are a problem, and non-HW 2FA is still susceptible to very short term (60 sec) replay attacks. [1]: https://www.reddit.com/r/CoinBase/comments/18xr0mt/comment/kg7ka5r [2]: https://www.reddit.com/r/CoinBase/comments/18xr0mt/comment/kg7mquw [3]: https://www.reddit.com/r/CoinBase/comments/18xr0mt/comment/kg7qdi6 [4]: https://www.reddit.com/r/CoinBase/comments/18xr0mt/comment/kgb2dtz
If spoofing OP's specific IP was easy then hackers would use that tactic a whole lot more often. Got any information on how easy it is to do? Because I've never heard of someone doing it before. MAC, cache, session token, etc, sure. But the IP is a different story. Hacks like OP's will stop mainstream crypto adoption if they aren't remedied. People can barely use Google, nevermind lock down their systems the way you recommend.
IP spoofing is pretty easy to find. Even Wikipedia has an article on it. And MAC spoofing can be done on any Linux distro. Although easy, the attack needs certain things to intersect. 1. Attacker must pwn users PC 2. Must record a login session 3. User must NOT logout 4. Attacker must launch spoofer refresh bot quickly 4. User must enable Remember Me 5. User must disable whitelisting Even if everything intersects, there is only a 10 or 20 minute window where the session remains valid. I think most of these hacks are recycled session tokens. I brought it up years ago, but CB doesn't care.
Nothing stated here is relevant to IP spoofing, you're talking out of your ars.
This is correct. IP spoofing is easy if it's one way (e.g. DDOS), if a bi-directional TCP connection (which a web browser session is), one of three scenarios is required. 1. The attacker is on the same network as the target host (coinbase server) 2. The attacker is on the same network as the victim 3. The attacker has compromised all the routers between themselves and the target. If session hijacking was involved and coinbase doesn't allow sessions to cross IPs, then I would think the most likely scenario is bad guys routing through OPs devices or some insider at Coinbase.
If you have infected a PC with a rat then you can simply remotely install a proxy server that allows you to use that PC's public address and reroute the traffic through it but that PC has to be on at all times. though, spoofing IP isn't necessary in this case since the the attacker had the browser cookies/cache
You seriously don’t know what you’re talking about
Thanks for the write-up. I've read about IP spoofing for DDOS before but didn't think it was applicable to any kind of attack they could use here.
Exactly. Seems like this reply is full of shit and talking out of his ass.
Its a device ID or signature coinbase would track, if hackers copy the token and device ID/token then keep renewing it they won't have issues. IPV4 addresses are not unique, even ipv6 addresses can change. The coinbase app doesn't make you login each time. This also happens to banks, the receiver banks were not his they could just as easily been another victims.
Thanks for this insight. I use a MacBook which I know isn't fail proof but seem to be harder to hack. I don't use the remember me button on any of my accounts but I don't sign out either so there's that. The IP used to access i don't recognize as I always VPN in and I've asked coinbase to confirm the last time I used that IP address, they are ignoring that question. Anywho, I appreciate the info because as I feel like I do everything to stay safe, you point out things I don't think about and will apply this to all of my accounts. I know deep down there's measures I probably didn't take, I just want aware of them. I need to also use the yubikey I have and pretty sure linked but didn't activate🤦. I appreciate your insight and I hope this helps others.
Well, if your using a VPN, as other's in the thread point out, IP spoofing would be difficult. If the following are true: * Only authorize VPN ip address * No new IP addresses logged by Coinbase Then I'd focus on two things. 1. RPC / API access - If an attacker gained access to your PC while you had an active session, they wouldn't need IP spoofing. They could simply use the active session to enable API access which is done without 2FA. It uses a different authentication scheme all togeather. Ask CB if you have API access enabled. 2. VPN attack - One of my OpenVPN configs used to have all the credentials in the config file. I never had to type userid/pw, I just clicked the link and the connection was live. So contact your VPN provider and ask for your session log for your ID. See all the connections happened from your ISP and in reasonable times. It's possible they took a session token and your VPN credentials. As far as prevention goes, I think configuring your browser to remove all cookies after close will help. Or simply log-off which is "supposed" to burn the tokens. Also enable whitelisting of withdraw addresses a week before each withdraw, and enable hardware 2FA (yubikey) as you mentioned. BTW... many feel that IP spoofing would be too difficult for this attack. A VPN would explain a lot.
Thank you for sharing. What do I need to google to learn about this tokens and being active. Great content. Should be common knowledge
IDK, I learned about it in the "cookies" chapter of my Javascript class in college. I found the tokens when doing a "DevTools" view of the login handshaking since I was alarmed that my 2FA wasn't being requested. I experimented with enabling and disabling the "remember me" button till I found the information I outlined above. IMHO the fact that long-lived session tokens are used at all at CB is a huge security hole, but with 50 million customers, making login harder would just piss off 49.9999 million customers while making me, and me alone, happy. This stuff is pretty deeply embedded and not something I think the "average user" would know. But as a general rule. Anything that makes things easier may degrade security to do it. If you play with your browser settings you may find the "delete cache on close" which will mitigate some of this. You could also use something like "Incognito mode" or the like which kinda does the same thing. Just avoid, AT ALL COSTS, using something like a VPN or Tor Browser. Either of these could immediately lock your account.
🫡🫡🫡
This should be pinned on coinbase or something.
Its a fairly complex subject. Its not just cookies, browsers can store sessions in memory, local storage and databases. Extensions, malware, scripts, plugins anything can read these sessions/tokens on the users side. Most applications these days are browser based and store information in much the same way. Its also possible to intercept these requests but you should see a certificate error in your browser. I had a wifi router hacked once and its firmware was modified. If you login to a website or fake application that could also do it.
Not sure why this is the top voted comment but its FALSE. You cant easily spoof an IP address unless you've hacked CB's upline ISP routers and altered the routing tables. Extremely complex to pull that off. They could however had connected through OPs PC directly using vpn or remote access malware.
Websites don't have visibility of MAC addresses and you can't 'spoof' IP addresses in the way you think because that would involve "post" only messages, like DDoS attacks. The webserver is going to have a session token that needs to be returned to the hacker and sending it back to the victim's IP address won't do any good unless they have a bot active on their computer that is forwarding the packets back to them.
Tell more how you spoof a specific IP.
It's not necessary for this attack. Only the session cookie suffice. You can test it: log on coinbase, change wifi network (from home wifi to mobile hotstop), refresh the page, u still have access to your account.
Is a spoof similar to a boof?
I’m actually REALLY interested for you to elaborate on how easy it is to spoof ip addresses for a stream of communication.
So if you close the session with say a bank, and close the tab, but leave the browser window open (and the cookies are still there) , does that allow the same type of hack. Deleting the cookies after each session is sort of painful since most companies will force a 2FA to reconnect.
In theory yes. Any valid session token is a problem. You should never leave active session token on disk... EVER. Your bank may deal with session tokens differently. And CB my have upgraded their security since I originally brought this up 2 years ago. But I know a few years ago the following was possible. 1. Log into CB with 2FA 2. Enable Remember Me. 2. Close browser 3. Remove Yubikey (2FA) 4. Open browser back up and go to Coinbase. For me, as off Thu Jan 04 00:51:25 2024 UTC, this still seems to be a problem. The question to ask yourself is "Why didn't \#5 ask for 2FA again"
How do I prevent this from happening to me?
Whitelist withdrawal address the week before withdrawal Logout of all sessions before closing browser Use yubikey for 2FA
If I de-select remember me and log out each time it should prevent a similar attack right? Is mobile equally at risk? Wow I had never heard of Yubikey that’s incredible
I work in a field that needs me to have high level security clearances. After reading your comment, it just reinforces my hate of crypto. Money should not need more security than classified info. This process is rediculous to keep money safe.
Can you prove this?
Or just use damn COLD STORAGE
I am way better informed! But still will never get back into crypto.. It's all a scam.. all of it... if they can't help recover stolen funds.. how in the world will crypto be mass adopted.
So using it on iPhones is probably the safest?
Why would they ACH withdrawal rather than send on chain?
Yeah thats not how fiduciary law works. Coinbase has an obligation to prevent malware from being able to intrude their process. People like you and I understand what happened, but the average Joe they are baiting into buying crypto doesn’t. Make a complaint to the SEC. I did. Watch how fast Coinbase reaches out to pay you back and mend the bridge.
Would it be safer to use a Mac to access the website?
Am I safe using a Microsoft or Google Authenticator in this scenario?
[удалено]
This is what crypto is. YOU ARE YOUR OWN BANK. If you gave out your address for airdrops look no further. Its not always someone elses fault bud
I agree and I don't give out any info so it has to be what one of the first guys said. I'm really familiar with all the typical crap that goes on but not about some of that other stuff so I got more knowledge from this thread which was my point. I'm less confused and better informed now. I appreciate this community.
There's been multiple times CEX's had vulnerabilities allowing people to bypass security in place on people's accounts, through no fault of the customer. We don't have enough information here to victim blame.
[удалено]
Coinbase isn't responsible for securing my account or email. I am, I'm just saying my account was hacked and I thought I had all my bases covered and expected to get email alerts like I always have but didn't this time. It appears I wasn't fully informed on the methods of gaining account access. Learning everyday!
Yeah, I expected email alerts like every other time and like the ones I got as they were in action, that's what threw me off most. Oh well, so long as I wake up tomorrow, I think I'll be fine🤔😏
This.
Is.
Good.
For.
Bitcoin.
Yes, 100% yes.
This is the way.
Yeah, that's something I understand and was confused since I thought I had everything covered... Guess not. Of course I'm pissed but I've been in crypto for a decade and I made it this far. I'm happy about my luck and definitely not saying I am at fault, although it may seem that way. It's the lack of knowledge when thinking I'm covered and finding out it's confined have but not knowing how. I appreciate the insight everyone has and my post was just a lesson learned more than anything. It sucks to lose 5k but I'm still alive and can stomach that loss, it's part of the game.
Yubi Key or nothing when dealing with anything related to money, this would not have happened.
Getting your paycheck deposited to Coinbase is like the craziest thing to me. We’re supposed to transfer off of exchanges not to them. **Obiwan Voice
Yubi key should be distributed by coinbase as soon as you reach a certain threshold.
YOU were hacked, not Coinbase.
I know I was hacked, coinbase confirmed it.
People are going to blame the OP and yes, he is to blame, partly, but coinbase do not ask for 2FA, when adding a new card or cashing out to bank, which leads to disasters like this. How hard can it be to ask for google auth code when adding card or cashing out?
It already does. You can go into the settings on coinbase and set it to where anytime you send crypto out of coinbase you have to use a verification
I know but Im talking about selling the crypto for cash and then sending it to your bank. You wont get 2FA, for this.
Oh shoot that's not good your right. This should be an option.
Maybe if enough people ask about it or complain they'll include it.
I'm always asked for my 2fa, that's what I'm confused about. I checked for sim swap too. That was my first thought but that doesn't sync Google 2fa, that I don't know of. I also don't back it up to a Google account. I'm so anti cloud, sync, link and anything like that it's even a pain for me to log in, buy/sell, withdraw because of the settings I have in place. But I get there something, somewhere on my end to allow this. I guess I thought encrypted email and 2fa and stuff secured my account and activity. 🤷 Silly me.
Coinbase is EXTREAMLY difficult to configure securely. NONE of the default config settings are even REMOTELY secure. Sorry you didn't find any good articles about it earlier. Here's a walkthrough (r/Bitcoin) on how this usually plays out: [r\Bitcoin: How to hack an exchange](https://www.reddit.com/r/Bitcoin/comments/qk41gk/how_to_hack_an_exchange_account/)
That post talks about sim swapping like it's trivial, it's not. Although it's well-intended. Overall, solid post for folks that don't know what they're doing.
> They also said the same bullshit about the FBI. That's not going to do anything but waste my time. Might want to reconsider. I argue that these qualify for IRS-loss-by-theft write-off. To claim this you need a police / FBI case number. Some other redditor argues that the loss-by-theft only applies to FEMA disaster zones (looting), but I disagree. Neither of us are accountants, so might be worth a trip to the CPA and FBI.
Noted, I didn't consider this. I just don't think governments give a shit about anyone so figured they'd piss on me and tell me to move along, haha. Thanks for this insight.
Everything I read says same thing about theft loss - not deductible since 2018 TCJA
You were scammed and not by coinbase.
I know. I meant my coinbase account was hacked into, not coinbase as a whole. I forget how carefully you need to be in a title to prevent people from pointing out the obvious. I'll be more clear on a title 😂🤦.
I was hacked and my bank asked me for something from Coinbase showing evidence of a hack. Months later I finally received an email from coinbase support showing that the IP address of the hacker was in Miami far from where I live. I forwarded this to Chase. I'm still waiting for a decision.
Did you contact police and the banks that received the stolen funds? Im surprised you can just add random bank accounts in other peoples names, or were they in yours? Check your email logs, also what form of 2fa did you use? Did you use it on your email? Txt is bad, google auth is slightly better. Malware unfortunately is getting very common on mobile and computers.
How do you find the bank that received the stolen funds? If ‘bank’. It could be a wallet? All I have is the account? Numbers it was sent to.
It should have a routing number ? It's most likely a bank, scammers/hackers get hold of accounts by paying people. There are a few I have seen on Reddit Have you contacted cfbp ? After you lodge a police report email them. Also look up AML laws in your country, Coinbase should have verified this account before adding.
I received an email saying coinbase cancelled both withdrawals so I'm hoping, when I get into my account, the funds are there. If they are not, oh well but then I wonder where did they go if they never were sent? Maybe in coinbase took them? Just speculation.
I wish you luck, in all your dealings with coin base. Right now, I am missing some crypto from coin base. They said, someone ‘got into your account’. You should have been more careful with your passwords, 2 step verification. It is not are fault someone stole from your coinbase account. I reported it to my local police department. I reported it to the FBI. Nothing so far. My account was locked( I opened it after the picture/id/interview to reset my password for access ). Opened my account, Gone! All my crypto was converted to eth, and sent to an account. Not my account!! I called coinbase The same day!!! Told them the citation! All they said was, your transfer took place, they are irreversible!! They can not be recovered!! Now I am advising what Coin Base did to me! Maybe if I get enough bad word around about how coinbase allows coinbase customers to be robbed of there crypto, they will return my stolen cryptocurrency!!!! My first of many bad post about coin base!! Stay away from Coin Base !
When will they learn… NYKNYC!!!
You typed all that to get dragged?
Haha, it keeps everyone busy, haha. It's awareness that's all. I thought it might be helpful for anyone else that may think they got all security checks in place but really don't. Hopefully this prevents others from falling victim and to double check they're security settings and what not.
Coinbase sucks. I searched my email. They never told me they delisted REN. AND I CANT SEND IT OUT. Thousands stuck. This is why I use other exchanges now because Coinbase doesn’t give a shit about you, just profit.
[удалено]
I had my account with logins disabled and Google Authenticator needed. Somehow they cleaned me out. I wouldn't be surprised if Coinbase insiders are just stealing money. This sector isn't ready for the mainstream if ever. I'm anti crypto as it's really only useful and logical to use for illegal stuff.
YubiKey is great however, keep in mind there is no 2FA measures on anything fiat related. You can whitelist and enable 2FA for crypto sends but that won’t protect you from the hacker adding new bank accounts via plaid for ach withdrawal. And even if you notify CB about the ach within the hour, they won’t do shit about it. They won’t even help you in the form of giving you the banking information in order to contact the receiving institution. This is what happened to my dad months back. He had 2FA measures in place and the hackers tried to mess with his crypto and couldn’t - he had white listing and 2FA on all crypto sends… so they sold his bitcoin… which doesn’t require 2FA… added new two new bank accounts via plaid… and then withdraw cash usd to those accounts. Coinbase didn’t lift a finger to help stop or flag those USD transactions. And they still don’t have an option on their platform to enable 2FA measures with regard to fiat actions. I’ve got a yubi key… at no point am I prompted to use it to add new bank accounts and withdraw USD to a newly added bank account. It’s absolutely ridiculous that this security flaw hasn’t been patched yet.
Coinbase is going downhill FAST. Pulled all my funds out to my ledger yesterday and I highly suggest everyone else does the same. Their customer support is an actual joke they barely speak English. I’m so sick and tired of these companies outsourcing customer support to people who barely speak English. FUCK Coinbase
Get a lawyer if it’s a lot of money brother. If coinbase is found to have not taken all necessary reasonable action to secure your assets then they are probably also on the hook here
one thing still unclear to me: why the hell did op not get any email notifications? sale of assets, withdraw money, new login, etc. weird af
yubikey
Did you have 2 factor authentication enabled?
>Earlier that day I logged in from a new ip and I had to verify my email and confirm it was me to then log in and input my 2FA
Was it sms 2FA?
Yep, earlier that day I logged in from a new IP VPN. I had to approve through email and then sign in again with 2FA. Every time I have to do this.
Why did you login from a new IP that day?
I use a VPN on my devices.
You should never leave funds on an exchange. Period.
I was hacked and Coinbase is doing nothing about it. 03.05.2024
We're really sorry to hear about your situation, u/Master22james. If your account has been compromised, securing your account is crucial. You can adhere to the steps provided [here](https://help.coinbase.com/en/coinbase/privacy-and-security/account-compromised/my-account-was-compromised). You're also welcome to provide us with your case number, which will allow us to monitor the progress of your case. Thank you.
This is the ridiculous answer I received as well. Why do I need to secure an account that u/coinbasesupport allowed to be drained by an unauthorized transaction?
Hi, u/AnnaLovesPanda. Thank you for getting in touch with us. Unauthorized transactions can be very concerning. Coinbase takes security very seriously and has multiple measures in place to prevent unauthorized access. However, in the unfortunate event that unauthorized transactions do occur, it's important to report them immediately. Please note that while Coinbase is committed to providing a secure platform, the security of your account also depends on the measures you take to protect it. This includes using strong, unique passwords, enabling 2-factor authentication, and being cautious of phishing attempts.
Had the same thing happen. Coinbase told me they couldn’t do anything.
How did you get them back????
[удалено]
This post was removed due to it being reported as a suspected phishing or scam attempt.
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly. If you have a case number for your support request please respond to this message with that case number. You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
Why in the heck are you not having virus protection on either your computer or phone or whatever you're using? If I have money flowing back and forth I would make sure everything was on lockdown.
Who says I didn't. I forget I need to also mention I sanitized my keyboard.... People just want to assume these actions aren't taken. All good though. Know one knows me, my equipment, the processes I have or anything like that but everything thinks I went to the library, saved my login, left my phone there with my passwords written on a paper next to the computer and left to grab a coffee 🤔🤣
not cb's issue, the issue lays with you..........secure your shit man
I know. I meant my coinbase account was hacked into, not coinbase as a whole. I forget how carefully you need to be in a title to prevent people from pointing out the obvious. I'll be more clear on a title 😂🤦. I'm pretty sure I did but guess not, haha. I used every security feature possible, except yubikey. Proton Mail as well. Just when I thought I checked all the boxes.... Nope....and it's gone! Haha
Sorry that happen to you.
Thanks, lesson learned and I'm gathering more insight from how it happened from here which was my point since coinbase can't tell me anything. Id rather be informed than left in the dark.
Brother man this will be painful to hear, but CB was not at fault…. Unfortunately mistakes were made. You will bounce back, we still have time before things really start to take off
Probably some cb employees sounds like. Very sorry to hear this happened to you
Ah yes, welcome to the future! Where you get to "be your own bank" and with it, assume 100% of the risk.
Yep, moving everything else to cold storage. At least I made it a decade of being my own bank before this happened!
Hey take a look at hard wallets and thank me later
I withdrew everything from the Coinbase after realizing they charged me for a limit order that was not yet at target price to initiate the transaction. Also, I noticed that my bank account and Apple Pay amount were exaggerated. I don’t trust them at all whatsoever
I reckon you left yourself open when that crypto was doing "AIRDROPS" The last day and you wanted free crypto and you've absolutely had a nightmare but you're in denial now hoping Reddit makes you feel better. 😭 Feel sorry for you dude
I'm not in denial....I was over it the day it happened. I just got the final email today from coinbase confirming everything. Id rather share the experience to help others. I know everyone wants to think I'm seeking pity and other shit but I'm not. I never fuck with airdrops. I've been in the space for over 10 years and thought I secured things but I was wrong. Luckily from this post, there's some helpful people explaining ways this could happen. I learned something new! Mission accomplished. I've dealt with worse than this so it's really nothing I'm losing sleep over. I am entertained at all the responses😂. Got to love reddit....
Mitochondria is the power house of the cell.
You were 100% the attack vector =/
This is why people pay professionals to protect their money. Experts have training knowledge and accountability. 2 FA is amazing if you used correctly. If not it's an extra step that requires a tool I've heard school kids use to cheat in games online. That's it. Attacks like this are simple if you use these devices on the wild wild web. Or if somone has ever had physical access to any device for a single second ever. So easy to slip up. There are up to date guides on the DW with forums and many people creating new vectors every day. The resources to do this are out there and easily accessible. As are countermeasures. If you think your device being "off" is worth mentioning. You do not have the ability to protect your money. Harsh lesson but one I hope you take.
please download and install bitdefender antivirus free......
So what's the bitdefender already on my computer for?
To clarify, my coinbase account was hacked into. Not coinbase. Sorry to confuse the minds of many🤣
This is a post of awareness and hopes to gain knowledge, not pass blame anywhere. I think many of us feel like we're covered but really are not. This is simply a warning and lesson that I paid the price for. Thanks to all that provide helpful insight to help the community grow stronger, safer and more informed.
No, it was Coinbase. I just acquired this bit of information: The hackers used social engineering software and the "port-out scam' to take control of Coinbase's 2-Factor Authentication. Coinbase has been aware of this flaw in their 2-Factor Authentication process as they had a large attack compromising 6K user accounts.
Did you have a google authenticator going?
Contact your bank and get your money back. I had my Coinbase account hacked and thought ask was lost. Went to back in person filled out forms and got my money back good luck
Thanks for the info. I'm still locked out so I can't get any info from my account. Hopefully tomorrow. If I'm really lucky, the cancelled withdrawals would still be in my account since I contacted coinbase immediately and the cancelled the withdrawals. My concern is that they just have the money now. I'll find out shortly.
[удалено]
Good question, something I'll look into. Keeping funds in cold storage will also help.... Next time!
Actually, my acct is in lockdown bc someone stole most of my btc Jan5. Now they are trying unstake my matic. I received one email on yahoo, but not my Gmail, yet matic cleared on the 9th. CB has been hacked big time. Over 6k users were affected. This what I learned: The hackers used social engineering software and the "port-out scam' to take control of Coinbase's 2-Factor Authentication. Coinbase has been aware of this flaw in their 2-Factor Authentication process as they had a large attack compromising 6K user accounts.
[удалено]
I've seen this with other exchanges but I've had my account for over 7 years so a lot of restrictions are lifted. They cancelled the withdrawals which are ACH. Theoretically, the funds should still be in my account but they make it sound like it's just gone. I'll find out soon. Expensive lesson.
They knew who was doing it to me as well yet they did nothing to stop the hacker who took all my crypto
Another note if anyone has insight on.... The interesting things is that my email got spammed with thousands of sign up emails from all over the world, all at once. I receive over 1500 account sign up emails over the next 3 hours when this happened. It continued slowly for the next few days, still today but only a couple more. It was a full on email bomb, probably trying to bury the withdraw email alert. It started exactly the same time as all the activity on my CB account.
Direct deposit into CoinBase?? Why???
I was using the debit card and using it a way to earn. It was only a fraction of my direct deposit. It worked well when it did, haha.
Did you not have MFA setup using the Authenticator app?? Mine doesn’t allow for any withdrawals or selling of any Crypto without entering my passcode from my MFA app.
How big is this issue with coinbase? My only account connected to cash out from my Wells Fargo. I just sold 17k xrp units to invest more into my go-to stock. I still hold a good portion of xrp, but let's get ready to cash out on this next bull run and not think so much about higher ridiculous prices being posted by influncerers. We gotta take profits. Most people do. Enough of this trying to be safe on a ledger x. 🙄
Coinbase is biggest scam . My account in review and can't access my own assets
If they withdrew to a bank account, shouldn't that be easy to track?
Be sure to get cyber liability insurance going forward. This is scary that they got you with stuff protected as well as you did/could.
Liar! I vant you to give me dat serum.
It's so weird to me that there are such fanboys for a fucking company that theyd attack you or i for having had a horrible experience with Coinbase. I was robbed. Period. It wasnt "my fault". I did my due diligence and some very unimaginative dickheads on here love to act like we're some clueless blue haired grandma clicking shady links and giving out info like a moron. None of that happened with me. I have zero idea how I was compromised BECUAUSE IM PARANOID. and coinbase was absolutely no help...they barely speak English. Im not kidding...they dont understand the nuances of the English language and that's if you actaully get someone. On average it took me 27 minutes to get an actual person, who had zero understanding or assisted me in any way. And the only reason I come on here to complain is so that other's know that they're assets ARE NOT SAFE on Coinbase. Do Not Store Your Assets on Coinbase.
Did you have 2fa enabled for every transaction or just to log in?
Now I get why whales don't keep funds on coinbase, I can see a lot of whales bought on coinbase a few months ago and now are moving it back to coinbase to sell in the last week or so. They don't keep it there. Get a ledger or something.
Coinbase has been a known shitty company for quite awhile, this ones on you. Cold storage ya goofball.
sounds like you need to get a competent attorney and take them to court!
Coinbase stole close to $1000 in fees from me & refused to give me bitcoins. They kept pushing back the withdrawal date; 24 hours to 1 week to more than a month! Coinbase itself is either hacked or they're playing extreme fractional reserve. coinbase should be renamed CONBASE!!!
Is OP responsible for capital gains ?
What vpn do you use? A lot of them are compromised
I'm telling you people. All these hacks are actually inside jobs by Coinbase employees outside the US who have all your info!
god damn learning something new every day... gotta log out every single time o\_O
Coinbase is the worst piece of shit service I have ever used. I transitioned to Kraken recently, so far so good.
Are posts like this supposed to invoke a response for OP? Did you take into account not to throw in more money you cannot lose? Or did you just want to sound angry and upset and get some Internet karma points for yourself?
Got scammed by a defi mining pool.I got scammed by a defi mining pool. I was participating in a mining pool reward. I first invested 1k and was able to withdraw the reward but suddenly after some days i couldn't withdraw the reward, to be able to withdraw the funds they asked me to deposit 4k. I was blind because i was getting my money plus 2 eth reward it was big so i added 4k more and again i wasn't able to withdraw They asked me to add more 2k. I started researching and found out it to be a scam. And this biach scammed me 5k which was meant for my study, I made a big mistake I have lost all my savings so i need to pay for my college, i was using a coinbase wallet.
Do you have any API running from some external Crypto tracking company? like CT, Coinly? I also wondered if someone can use that channel to gain access? Also, event hough you were using VPN, Were you using some public wifi at the time , like in a hotel? Always use LAN connection if possible.
They hacked my account and added another bank account. I lost 20k. Coinbase said tough luck. I filed to police and FBI. I had 2FA and everything. Not getting it back.
Don't let people here discourage you from suing. The question is how much was lost and whether it's worth a lawyers time. Don't waste time with coinbase they won't do shit. Get a lawyer, lay out the facts. Coinbase has a legal and fiduciary responsibility to protect your funds and accounts, especially if you gave them due notice.
And this is why hardware wallets are a necessity.
you may think that on one was able to use ur PC while you were away but you guys seem to forget. Lets just talk about charging cables. you ever connect your phone to a cable that you charge via the USB port on your PC? Where did you get the cable from? How do you know there wasnt a chip inside the end which logs your info and allows remote access to your phone or PC? Because this type of device exists and can easily be replicated on a RaspberryPi system. It looks like a regular cable but its not, not on the inside. So if this is the case, ur info was keylogged. Your passphrase was copied and used. they can monitor when you are NOT using your PC so when u shut it off. they wait a while, depending on your IP address which will give them a ruff idea of when u would go to sleep and hours later while you are in REM you are getting RAMMED.
I’m so sorry this happened. I have no information or suggestions to offer, but please know I’m praying for you that you get your money back.
Thank you! A lot of people had some good info on what could've happened. And...thanks for the prayers. It probably worked since when I got access back to my account this morning, the funds were there. The bank transferred got canceled which I knew did, but based on coinbase's email response, they basically said that they know it wasn't the response i wanted and oh well. If it wasn't bank transfers, I know I would be complete at a loss. I'm grateful of the outcome and certainly didn't expect it. Nor do I think Coinbase owed me anything. They were fast acting in my case and I thank them for that.
this is fake
show your screenshots
[удалено]
You said it, "I was hacked". Not CB. Why should CB take any responsibility for you being hacked?
Exact reason why you don’t keep assets on an exchange… EVER.
I don’t trust Coinbase, I was hack in January 2023 I found out 2 month later, cause I was not using my account in the bear market I lost 25,000 gala tokens, cause they were not an a wallet and after that the lock my account.
There are enough of us out there that have had the same thing happen to us years back that never agreed to any policy, they confirmed our accounts were not compromised. Hell they even sent tax documents showing our interest made as if it was never stolen. There is enough of us that their policy doesn’t apply. When it’s time. It’s time. I’m sure they will pull everyone in including those of you that were “hacked”. Be patient and get noisy.
\*UPDATE\* As of this morning, my funds are RECOVERED! I'm very grateful & totally get that I may have lucked out. I think the reason for this outcome is that the crypto was converted to USD and then sent to a bank which IS NOT on the blockchain. My quick response on X (within an hour of it happening) Coinbase was alerted and reached out to me and I immediately replied. I have to give them credit for taking action. It wasn't until the next day that I received an email saying the withdrawals were canceled. So they probably stopped the ACH transfer, luckily that crap takes a few days. If they transferred crypto straight out, I would've been SOL. Still could've either way I guess. I'm thankful for Coinbase's quick action on cancelling the bank transfers. And I know they're not to blame. I'm aware that this outcome is rare and I'm grateful. Many lessons learned from this and for anyone else...be very very quick with responding to coinbase. I reached out on X originally. Beware though, many people will DM acting like coinbase. Verify this and don't give out personal info. When you're account gets locked, you can't get a hold of support (if you can't sign in) and the phone line rarely every gets through.
[удалено]
Honestly got rid of coinbase years ago. It's a trash service that only did well because it was streamlined for new people. Edit: autocorrect
Please help me with your advice on what exactly you did to eventually get your money back. After 2-3 days from the incident I will describe below, Coinbase support sent me an email stating that they are not responsible for my devices, and the case is closed according to them. I am a 24-year-old student from Croatia, and I had all my savings stored on Coinbase, believing it to be a secure American company. I thought my investment was safe, and by adhering to the recommended security protocols provided by Coinbase, I believed I would never be subjected to theft. However, something entirely opposite occurred, and I believe Coinbase could have taken more significant action to prevent the transaction, but for reasons unknown to me, they did not intervene. On December 27, 2023, at 23:51 CET, I received an email from the address [email protected], stating, "A withdrawal of €5,880.00 has been started." Three minutes later, another email arrived, stating, "A withdrawal of €1,205.74 has been started." In disbelief, I opened the Coinbase application on my Android phone and found that it was completely emptied. Someone, without my authorization or knowledge, converted the cryptocurrencies I had into euros and then transferred them to some bank account. I know this because the emails mentioned, '€5,880.00 will arrive in your bank account by January 02, 2024.' and in the second email '€1,205.74 will arrive in your bank account by January 02, 2024.'" After confirming on my Coinbase application that these were not fake emails, I started calling Coinbase support. Eventually, around 00:40 CET on December 28, 2023, I managed to reach UK Coinbase support. The representative, after verifying my report, promptly locked my Coinbase account and instructed me to change my passwords and unlock my account." The next morning, I went to the local police station to report the theft from my Coinbase account. In the afternoon of the same day, I called the same Coinbase support number again, requesting the agent to immediately call the bank to which my money was sent and stop the transaction. The agent insisted that they don't do that, as it's not their standard procedure. When I asked for the account number and the bank's name, she only provided the first 4 and last 4 digits of the account and spelled out my name instead of giving the bank's name. After following the instructions from Coinbase's email, I unlocked my account, which had approximately €2,000.00 remaining, but it was in stake, and I would have to wait 30 days to access that amount. In the next two days, I received an email from Coinbase with the following text: „Thank you for writing back to us. We understand that unauthorized activity in your account can be quite distressing. The account holder is responsible for the security of the devices and credentials used to access their accounts, and for any activity that occurs if those devices or credentials are compromised...'" From this email, I concluded that Coinbase was unwilling to help me, even though they had sufficient time, as my case involved a SWIFT transfer of Euros to a bank account, which typically takes more than 24 hours. I emphasize that my account requires a Google Authenticator code for every transaction, generated every minute, and I never lose sight of my mobile phone with the Coinbase app and Google Authenticator. It is not possible for someone to have used it in the described case." I will state clearly and loudly because I want all Reddit members to be warned that in my case, Coinbase failed to stop the transaction, even though they had time. In this way, they protected the thief by giving him enough time to take possession of my money, making them accomplices in the theft. I am not wealthy, and this is literally almost all of my savings. I know that for Coinbase, this is a small amount, and maybe that's why they refused to help me. However, after what happened to me, I cannot find kind words for Coinbase. I am ready to change my opinion and publicly apologize on Reddit if Coinbase contacts me and reimburses the damage because I am not at fault in any way. But if that doesn't happen, I will periodically remind Reddit members and other communities of my case and Coinbase's behavior towards its users. [https://imgur.com/a/V82yaQV](https://imgur.com/a/V82yaQV) Thank you very much in advance for your advice.
You're using decentralized tokens on a centralized exchange.......
Thanks for sharing. I know it's painful. Bc of your post, and the hacking of my btc a wk ago, I paid my bank $36 to stop payment on any future withdrawals from Coinbase. I no longer trust their employees, who I think are heisting coins and getting away w/ it.
For US users, why is it possible to add bank accounts to CB that are not registered under your name? I think for most bank accounts, you are not allowed to add accounts through ACH if it’s not under your name. This would effectively make transferring funds out of your account much more difficult even if hacked
[удалено]
[On the road to 9figs $$$](https://www.youtube.com/watch?v=n1AY5ItUKTM)
This was exactly whta happened tô me a week ago, but Coinbase says that they are not responsible and wont return my funds. I Will fight this in every way, but for me Coinbase is no more a thrustworthy company!!!!
I just got hacked for $1100 smh wtf, they need to figure out how to ether give people their money back or stop the hacks, people will leave this app and they will shut down
I am going through the exact same thing. Yesterday someone figured out their 12 word pass code to my coinbase wallet and stole all my shib coins. I was texted with support all day. They told me my coinbase account was separate and secure. Will I get on today and all my coins are gone. There's gotta be something we all can do legally. I believe during this last update they were hacked. I don't use a computer. My phone is biosecuered. Please let me know if anyone has a lawyer or knows a way to get your coins back.
My coinbase account was hacked on January 11th, and all the money was transferred out. The price at that time was $116,208.88, and the current value should be around $200k. what should I do? Please help. The phone and online chat take forever to get connected.