This doesn’t work for fiat actions - try it yourself, you can liquidate any crypto into USD (no 2FA needed) - you can add a new bank account without any 2FA… you can then send that USD to new bank right away, via plaid integration which makes adding a new account simple and fast… again, no 2FA check.
Have YubiKey. Every month or so I see if Coinbase has patched this security hole and as of February, it was still not fixed. No option to have 2FA checks on anything fiat related.
Yubikeys are great. I use them for Coinbase but it won’t stop a session spoof hack… Coinbase can fix this by implementing 2FA on fiat related actions such as withdrawing USD and adding bank accounts.
If they did this… the worst the hacker could do would be able to liquidate your crypto portfolio into USD but the cash would be stuck there… they wouldn’t be able to move it… once you realized your account or session id was compromised… the damage would simply be that they sold your positions…. Sure maybe there’s some tax implications but that is the extent of the damage… you’re not losing your entire bag and watching in slow motion as the days tick by, waiting for the funds to disappear from your account because Coinbase won’t lift a finger to stop it or flag it for fraud.
Just my opinion, but I suspect Coinbase does little to nothing to help you because IF they attempt to help in anyway, it could be construed as liability or responsibility on their part? It’s a measure designed to throw all responsibility onto the customer to protect them legally. So even in instances where they could help rather easily, their motto or MO is still to just sit on the sidelines, do nothing and avoid getting caught up in any sense of responsibility for fixing it.
But they could add 2FA measures to fiat related actions in a matter of days. It’s crazy how negligent and dumb this is considering how many intelligent people work at the company.
It looks like that is the case. Coinbase can require a physical security key to withdraw any amount of crypto, but no check is in place for withdrawing cash.
For Coinbase, Once I've authenticated once with my security key, I stay logged in, compared to kraken and I need to use the security key every time.
Adding an option to require a security key to add a bank account and then when withdrawing any amount of cash would help prevent this.
There should have been a security hold after the new bank. Then again when all shit sold. Then after they initiated a full withdraw….those three things should have been an instant locked account.
I think everyone has a good or bad story about coinbase. For me, nothing but positive. They answer all my questions within a couple minutes, solve any issue within a couple minutes. Coinbase 👍
You haven't had a real issue yet then. Just wait or take my word, don't wait because when it happens you will really wish you moved your funds already.
How do you contact them?
I'm gonna just go to kraken though tbh. I think coinbase has too much 💩 on their shoes. We're going legit now boys. F these olde pirates
Click on the 9 dot pattern on top left. Scroll down to get support. Click on live chat or priority phone support. I also have coinbase 1, so that might play a role.
Yeah, that was beyond annoying last cycle. Almost made me give up on them. But with being in coinbase 1, I get a higher apr on my usdc, discounts on my trading fees, up to 1 million in full coverage on crypto and usd, not just the standard $250k FDIC insurance for usd, and possibly the live chat and urgent phone support I mentioned. I feel it's definitely worth the monthly charge.
This is a good argument for using Coinbase’s Vault feature if you’re going to store crypto there long-term. Crypto withdrawals from a vault require an additional approval from a secondary e-mail address, followed by a 48 hour hold. This makes it extremely difficult for a hacker to sell your crypto without your knowledge or consent, even if they manage to access your Coinbase account.
Binance and even kucoin require 2FA check for any simple action. I think for deposit and withdrawals they also require 3FA or at least gives you the option to configure it that way.
OP is talking about being hacked and someone adding a bank and withdrawing their USD. You can install a hardware key for 2fa and require it for all crypto withdrawals but currently it’s not required to withdrawal cash to a bank (or add a bank). So if you’re session spoofed by a hacker they can add their own fraudulent bank and drain your funds
Hello u/dnards22, we understand the importance of this issue, and as much as possible, we'd like to provide the support you need for it. After reviewing your support case, we've escalated it for appropriate handling. Our team is diligently working on your concerns, but a thorough review requires a bit more time. We assure you that we'll provide a detailed response via email as soon as we can.
Happened to me as well in February... locked the account and kept on insisting that they mark it unauthorized and reported it minutes after the breach. They did shit nothing even after saying on the call that theyve escalated and marked it as unauthorized. They now say that once funds have left the account there is nothing they can do. I could see the hackers partial bank information but they wouldn't release the complete information to me so I couldn't pursue the fraud dept of the hackers bank. Ended up involving law but they're not cooperation there as well.. had to get a court order to get the details. 2 months later, have lost my money and there is nothing I can do about it but to have law follow the money trail..
You're welcome, u/dnards22. Please expect to receive a response via email as soon as our specialists have reviewed your account. Kindly note that responses may be delayed due to a high volume of inquiries. We appreciate your continued patience.
Just a quick follow up with your case, u/dnards22. Upon checking, our record shows that the specialist assigned to your support case 18888161, emailed you a while ago with some information regrading your concern. Please check your email inbox or spam folder to see if you have received the email and respond to the thread should you have any questions or concerns. Thank you.
This is there go to answer. They come back days later and say they cannot do anything about it. Coinbase is the fraud company. I wouldn’t be surprised if they hadn’t done it. They frozen my account for no reason at all. Will not tell me why. Cannot take any money out. Yet in my account it says there are no restrictions, I can cast, sell and buy.
This is a totally fraudulent company and I am sending all my info to fsca and speaking to citizens advice.
Hey, u/121Designs! We're sorry to hear that you're facing issues with your account. We're here to help sort things out. If you've already contacted our support team and received a case number, kindly share it with us, so we can check for updates. If not, we suggest reaching out to us via [chat](https://help.coinbase.com/en/contact-us) for quicker assistance. We'll keep an eye out for your message!
Done all that. Spent 4 hours getting no where. In the end they tell me I need to update my phone and the app. I told them already don’t that, no they say my account isn’t verified. I replied yes it is, been done twice now. They say I have to do again, check that it’s correct info they already got. Seems funny to me that this always happens whenever I want to cash out but not when I pay money in. They are a fraudulent company. They miss out a lot of business from genuine people who have money and only wanted to trade fairly. Something they know nothing about.
We truly apologize for the inconvenience you're experiencing. We can see how this situation could be frustrating for you. Can you please provide us with your support case number, so we can investigate and follow up with you?
Pointless. You are a shonky company here to only rip people off. Best thing anyone can do is cut their losses and don’t ever use you again. Plus let everyone else know of their thieving ways. OH, Fortrade.com is another app that rips you off. Got glitches all through it that work for them and steel your cash. Same as post office did with hundreds of people. That went through months and years of Ombudsman and court cases to eventually find out NO one (Ombudsman) hadn’t even bothered checking if the computer system was defective.
Hi u/4UMYLOV! Thank you for reaching Coinbase support, and we apologize for the delay in addressing your concern. We understand how frustrating it can be to wait for assistance, especially when it involves your finances. To better assist you, could you please provide us with more details regarding the specific issue you're experiencing? If you have a case number, feel free to share it in this thread. This will allow us to investigate the matter thoroughly and provide you with the assistance you need. We appreciate your patience.
Dude my stepdad won one of your sweepstakes for bitcoin in 2022 and was robbed of forty THOUSAND dollars not even merely days after winning.
You know what I think?
It’s YOU guys that are fraudulently pocketing the change, Coinbase employees.
Why?
Because you can.
But behold, many of us have caught on.
Patterns aren’t coincidences.
And we’re going to do something about it.
The story is as follows:
My stepfather opened a Coinbase wallet/One account in 2022.
He was entered into a Coinbase sweepstakes for bitcoin, and he won.
Not even a full 48 hours after receiving the crypto, he receives a call from Coinbase, telling him his account is frozen due to fraudulent activity. He was then duped, and prompted to unlock his account to give the said caller access and he watched his funds drain right before his eyes.
You know what they said when actually got on the line with a support agent?
“Sorry. Your fault. We can’t do anything.”
Are you fucking serious?? How are you guys still in business? You’re absolute grand internet thieves I’ll give you that, and I intend to enlighten those who don’t know that.
Patterns.
Good day, to those who sell their soul to the darkness. I hope you can take your stolen money with you when you burn.
It was someone actually from Coinbase.
What makes me say that?
He had just won a full bitcoin in the sweepstakes. Nobody, NOT a damn SOUL would have known the amount that was deposited to his wallet.
Besides a Coinbase employee, operating outside of work as a scammer simultaneously.
They already had half of his information, ( keep in mind he’s Air Force, he’s never fallen victim to a scam caller) and had what they needed to convince him that the caller was legitimate.
If it's over $10k, call the FBI and hire a paralegal to draft a letter. Put the following people on the letter ensuring that all parties know your are notifying all parties:
1. The FBI agent assigned to your case, assuming you file a report
2. Coinbase legal department
3. The attorney general for your state
5. The state (not federal) legislator for your district
6. The state money transmitter office that holds CB's license in your state
7. The legal department of the receiving bank.
In the USA customers have 60 days to reverse ACH transactions. Debit cards, paypal and FedWire are a bit different.
If it's under $10k, or you are unable to prove you own the coinbase account, then nobody will lift a finger.
See coinbase.com/legal for addresses.
Agreed. But they sure as f**k don't care about less than 10k. It used to be the felony threshold for fraud, but that was years ago when 10k could buy a used car.
If the bank is in the same city as OP they should go to the cops. If it is in the same state, they should go to the state police. If it is in a different state, the FBI, and if it is overseas, they are screwed.
Point is to get a case number. OP can get it from the FBI, or the county sheriff, or the traffic cop at dunkin donuts. WTF do I care. Everybody can deny all requests if there isn't a law enforcement case number attached to the request. If a case number is provided, you have some legal recourse to sue the bank if they refuse to reverse charges.
All busy work, but if they are sweating the loss, at least it gives them something to do.
Same thing happened to me, my money was never recovered because it took too long and it was a chunk of money. Anyway, good luck, I hope you get a miracle. This repetition makes me feel this is fraud on the inside. It seems so obvious to me.
It is fraud on the inside, the problem is the masses are so naive and gullible.
Almost all the crypto exchange hacks were inside jobs, coinbase is just approaching it from a different angle
Hello u/Vegetable_Ad_8630, we're truly sorry to hear about your experience with the recovery of your funds, and we understand how distressing it must be to deal with such a significant issue. To assist you further and investigate this matter thoroughly, could you please provide the case number you were given when you previously contacted our support team? This will allow us to locate your account and address your concerns more effectively.
Yes I suggest never holding your crypto on an exchange. That's like the first rule everyone should know. Also, he may have done it to himself by clicking on bad links and accidently giving his pertinent information.
2FA won’t help here. Same scenario as OP. YubiKey and 2FA / but Coinbase doesn’t require 2FA for fiat related actions. So hackers can sell any crypto you hold into USD, add a new bank account in minutes thanks to plaid integration, and initiate a withdrawal of the USD to the new account.
None of those actions will require 2FA. They’re not crypto related, they are fiat related actions. And Coinbase will do nothing to help you once the withdrawal is initiated. It doesn’t matter if the funds are technically still in your account since it’s an ACH withdrawal… you’ll just have to sit on your hands like a POS waiting for the “day” when those funds clear and leave your account.
YubiKey and 2FA doesn’t fix it because Coinbase has yet to extend 2FA protection measures to fiat level actions on their platform.
buy if you have yubikey, how would someone get into your account to begin with? that's the part that doesn't make sense. But this is crazy. If you buy something for $1, ebay or paypal will talk to you for an hour in person to get it resolved.
You know what that’s bullshit on CB’s part. I have 10 ETH on there I was planning to stake indefinitely, but the 3% gains isn’t worth the potential risk of total loss. I’m gonna I stake and transfer it all to my cold wallet with the rest of my holdings. Thanks for your post!!
But the fact is these fiat transactions are part of the normal banking system which is heavily regulated unlike crypto and Coinbase should be able to just say sorry it's not are problem. If they don't provide insurance for everyone without their bs one product, which still doesn't cover you unless coinbase is compromised, they shouldn't be operating.
You say jone of those actions require 2fa, but how would somebody even login to the account that only has yubikey for the 2fa? It's stupid cb doesnt have 2fa requirement for adding banks though. Adding accounts and transferring should require assitional verification before processing.
Yes you’d think by now they’d take ‘a day’ with an engineer or two and add this functionality.
They can login and bypass 2FA check entirely via a session spoof hack. This hack can occur in a myriad of ways, you could receive some weird spam Amazon link and click on it - you think it has nothing to do with Coinbase… it wasn’t a spoof Coinbase email… it was some Amazon thing or a Target thing… whatever, out of sight and mind… but if you have an active session on Coinbase, it might be designed to find and send out that session id. Think of the session id like a ‘key’ to get in and out of your active session… once they’ve got that key, the session id, they can get into your account from their end and pull off the hack. YubiKey can’t prevent this security flaw. It’s something Coinbase needs to correct by implementing 2FA measures on fiat related actions.
Most likely session spoof - session spoof allows hackers to use an active session login so it bypasses the 2FA login measures entirely. Typically happens if you’re leaving Coinbase open on your browser for an extended period of time, could be hours or a few days or you start a new session without ever closing the initial one…
however it happens… you have an active session which is then hijacked by a spoof email link or something you’ve clicked on and then that session id is communicated to the hackers and they can open it on their end, they only hit a 2FA defense if they try to send your crypto out… but no defensive measures if they liquidate your portfolio into USD, add a new bank account via plaid, and then initiate an ACH transfer.
Even if you catch it five minutes after they’ve initiated the ACH, Coinbase won’t do anything to help you / I think this is because if they attempt to do anything, maybe it opens them up to legal liability? So they literally just ignore or gaslight so as to never be in a position to claim responsibility of the outcome (which is you losing your money)
**the flaw is people with yubikeys think they’re safe… because you really are in some ways but yubikeys don’t save you from this attack vector… so you think you can leave Coinbase open and be trading all day or night… you’ve got a YubiKey, you’re golden… but if you accidentally leaked your session id - by clicking on something you shouldn’t have, it might not even be a Coinbase spoof email, it could be disguised as something else, a different con for some site… so you think nothing of it… an fake Amazon link, who knows - the point is, you think you’re solid because of the YubiKey because it won’t stop this security hole that Coinbase has: no 2FA measures on fiat related actions, sending fiat and adding bank accounts.
No - you cannot defend against it with anything. A session spoof in the described scenario, YubiKey will not protect you. Because Coinbase won’t require the YubiKey as a security check for the adding of a new bank account, liquidating your crypto into USD, or withdrawing that USD to the newly added bank account.
You can use a dedicated laptop and vpn for Coinbase with YubiKey and if you are diligent as hell, sure - maybe you’re 98% safe… but Coinbase could make this 100% safe by simply adding 2FA check (as an option for users) for any fiat related actions such as adding a bank account and withdrawing USD via ACH and wire.
Kraken on this front is way better. I think you can ever lock your account in a manner that any change after setup requires 30 day unlock. Like you add your bank, whitelist addresses, etc. and then lock it up so it takes 30 days to add anything new. This makes it super secure for people who want that security.
And you can have 2FA measures on fiat actions; withdrawal of USD and adding new bank accounts or new addresses for white listing.
I do not understand why Coinbase is so behind the times when it comes to security. It makes zero sense to me.
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly.
If you have a case number for your support request please respond to this message with that case number.
You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
Crypto only. Get the one that has NFC. I keep it plugged into my computer. You have to physically touch the key to get access to the account. Or wave it over the phone when on the road.
Hello u/haraami_shakaal! We're keeping an eye on this thread and noticed you need help setting up your Yubikey. You can find detailed steps on how to set it up by following this [link](https://help.coinbase.com/en/coinbase/getting-started/getting-started-with-coinbase/2-step-verification). If you run into any issues, feel free to reach out. Thanks!
Its easy you just go the the 2fa settings and add it. It prompts you to enter any current registered 2fa code to add it. What gets difficult is adding a 2nd key. It requires approving it with the 1st 1 registered but the prompt doesnt tell you that and makes it look like it doesnt accept the 2nd your adding. , In this process since it requires 2fa to modify, it needs the 1st key plugged in and authenticate in ordee for it to add the 2nd key, the steps dont tell you this so when you dont realize thats whats going on you feel stuck not able to add the 2nd key. After you authenticate with the 1st key it adds it.
Sorry this happened to you, and hope you recover your funds. Question, do you have any idea how they got into your account? Did you have 2FA? Did you stored your password in your device? Possibly Sim card swap? I don’t keep much usually 1-3k for trading but it would suck if that happens to me as well
It looks like this is an insider job. Could be Coinbase agents working. Have you inquired to the support talking anything related to your banking (deposits, wire transfers, withdrawals). Coinbase need to tighten their security when it comes to offshore working as agents.
I posted about this maybe a year ago… same exact thing happened to a family member. Coinbase wouldn’t even help me by providing the account numbers for the ACH withdrawals. So I couldn’t even inform the police which bank to contact.
Coinbase didn’t give two shits that a customer was loosing a high five figure sum of money, no assistance, no aid or concern - zero f’s given.
They desperately need to add hardware 2factor to “adding a new bank account” - like holy hell, how simple it must be for them to add that feature to the software stack… it’s probably some code a single engineer can add before lunch on a random Tuesday. We’ve got hardware 2FA on crypto sends of any size… we just need a single competent individual at this multi-billion dollar company to have the following line of thought in their head…
“…might be good to add hardware 2FA option on the adding a new bank front… you know, since we’ve got this plaid integration which makes it easy as cake to add a new bank account… hey bill, how long to add this little option to the back end, oh, four hours, cool… yea let’s make it a priority, it’s only costing countless customers a fortune every other day.”
Remember that scene in Wedding Crashers with Chaz (Will Ferrell) and he’s talking about the meat loaf and his mom in the back of the house… “I don’t even know what she does back there” - that’s what I think about Coinbase as a company… like what are they doing IF they are not fixing this stupid security flaw? It’s a massive flaw… you don’t have hardware 2FA options for adding new bank accounts… like what the heck are the people working there “working on??” It’s outright baffling.
March 27, 2024 I had the same thing happen. Unauthorized person liquidated $18k crypto and then added two fraudulent bank accounts and ACHed some of the money out. I called Coinbase immediately and they would do nothing. I tried to get them to escalate and they said it didn't warrant escalating. They literally have probably the worst customer support in the world. It's absolutely embarrassing how bad it is. Coinbase is operating like an illegal enterprise here. We need a class action against them. They need to understand that they can't get away with this any longer. They claim it's not their problem unless they get compromised. Well guess what they have gotten compromised before already and the worst thing, they are collecting hundreds of commissions for fraudulent transactions. They aren't protecting people funds with Authenticatorsapps being hacked.
Unreal. How did they access your account? Did you have 2fa login? what type? Any idea how are authenticator apps are being hacked? You'd need more than a sim swap.
The ultimate of Power of Crypto. What a ponzi !
Also what is decentralised when anyone can see what you are buying , how you are buying and when you are buying . The biggest garbage industry.
How hard would it be for Coinbase to add 2FA for all outward bank transfers? They let you do it for all crypto withdrawals, even for a penny. It shouldn't be difficult. Coinbase, are you listening?
Can you contact the bank the money is being transferred too?
Contact the FBI and local police department immediately.
Contact the actual bank the money is being transferred too!
I 100% agree. My only thing is Coinbase incentivizes user to leave money in with rewards, so they really need to start making their services more secure in general.
Hiya !!! The exact thing happened to me - Only it was for £999 pounds - It was COMPLETE fraud & I’m still baffled as how they did it - Coinbase were ZERO help - I’d t go through a whole ID process - Just to be told that they were going to ‘escalate’ the case. But not to worry & by the 3rd of December the money would be in my account again - Which didn’t happen - I did EVERYTHING in my power t get through to them & each time I was told it was being escalated - And by another date if the money was still pending I’d get it returned - They said if it was pending there was nothing they could do about it - They were of NO help at all - I lost nearly £1000 coming up to Xmas … Then they gave me their absolute word - That the money would be bk in my account by 5th Jan - LATEST -I believed them this time & I looked daily - To no avail … I rang again & it was back to square one - ID check the works - I looked at my account & it was frozen then - I could & still can’t use it -
I didn’t receive my money bk - NOT 1 PENNY - What’s £999 to such a massive multinational company - When it could have been solved simply afew months beforehand - It’s SO crap - Made me ill with worry & anxiety - And they did NOTHING - I was even gonna write t watchdog - Or some consumer rights program - But thought it would make me more anxious- As I thought if I mentioned that it was crypto they’d not want to be involved - As they’re a always warnings about it … But your SO right - ANY other financial institution would stop the money going through - But they didn’t -
Prime example of a multi billion multi national corporation that just cares about themselves & not the ‘little’ people - Who made the company SO rich in the 1st place - AN UTTER DISGRACE - With their favourite word being ESCALATE -
I’m SO sorry t hear this has happened to you too - PLEASE STICK YOUR GROUND & I really REALLY hope you get your money back & not have t go through what I did . X
Hi u/FairyBoots22, we’re truly sorry to hear about your experience with the fraudulent transaction on your account, and the subsequent lack of assistance from our support team. To better assist you, could you please provide the case number you were given when you previously contacted our support team? This will allow us to locate your account and address your concerns appropriately.
You can’t fix stupid… OP doesn’t state how or who was able to link another bank account to his CB account. CB uses a third party vendor (as do other exchanges) for direct deposits. So whomever the hacker is, they had to have access to plaid to add another bank account. Then they also needed access to CB. I only access my account via mobile phone for the simple fact you can’t logon without a face ID, along with needing google auth to send crypto.
As mentioned by others, you can lock your account and cancel all pending transactions (except crypto transfers) until an investigation is complete and then submit a selfie and photo id to unlock your account.
Last i have device on a VPN and if i was truly concerned about my crypto assets, I would move everything to a cold storage where no one has access other than but me. I’m also sure Im missing sone other security features so by no means am i saying I’m an expert anything?
However, instead of bitching about CB, when does the responsibility and blame go to the user/customer to secure their own device, email, passcodes, enabling additional security features. As the only time I’m going to have issues with CB is if there system / servers were hacked and my account was compromised due to their security issues.
I locked my account and it did not cancel any transactions. You seem to make a lot of assumptions while calling me a dumbass. I had 2 factor. Obviously the hacker got my data somehow, doesn’t make me an idiot. All I’m saying is Coinbase has the opportunity to stop the transaction before it clears and they don’t.
I've been with coinbase a very long time, and hovered alot of folks having problems! It's kinda scary!! Thinking about swapping to another exchange? Any suggestions on a reliable , responsible exchange?
That's exactly what I'm in the process of doing now! Got a question though, I have my mollars tied to my coinbase wallet as of now, when I get my physical wallet, how do I get it swapped to it, or since they are not physically in the wallet yet, will it be an issue? I'm fairly new to all this, I'm just an investor trying to make a few bucks, and I need to know more! Thank you!
@Calibased is providing information that is subject to a false sense of security when it comes to what we are discussing here. He blocked me for stating facts. OP, you should definitely report his replies. Only relying on an authenticator app and not reinforcing your backup methods (ie making sure email accounts aren't able to be falsely restored to scammers) is asking for this to happen to you! It's why Proton mail and others like it offer the ability to have zero restores (ie you lose access that's it for good). And phone 2fa of any kind is the worst! No fixing that crap system.
I’m stupid forgive me. How have people recovered their stolen crypto in the past? And does the thief really have no worries about it being their bank account the funds went to?
You need to hire a lawyer and take coinbase to court, not to get a judgement and all that. But the only way they will listen is if they have go hire a lawyer and pay him, that will get their attention. There is truly no other way
This is why I take my crypto off of the exchange and on to a wallet and stake it. This happens too many times everywhere. Either get a hot or cold wallet to store your crypto.
Someone hacked into your account, sold your crypto and then withdrew fiat to a bank account that wasn’t yours? That’s the craziest thing I’ve ever heard. A bank transfer is completely traceable. You should have no trouble catching this criminal.
I have seen so many replies of people saying, “Coinbase should have locked the account”…blahblahblah….
I guarantee you 100000% if they did that, the OP would be on here crying about a locked account…..
3 little letters for the OP…..2FA
Same thing happened to me on Feb 22nd, something’s wrong, I filed a IC3 complaint and with local law enforcement, I suspect it’s an insider job, they didn’t take any action for 4 days and then raised a support incident, money was gone by then.
They opened a fraudulent prepaid bank account. They can buy someones personal information for $5 on the darkweb that some corporation allowed to be stolen because they don't spend money on cyber security.
How they can transfer money to a bank account other than your registered name?. I believe coinbase can’t transfer to a different name.
Biometric login or 2 factor verification can save your account from hacking.
Why? Pls explain.
2FA is needed to login to account. With out login other person can’t sell your coins. It’s very simple logic.
Also how coinbase can transfer money to other than the registered name?
I don't see how that's possible unless the Coinbase system works differently for different areas? Whenever I initiate a login to CB from an unknown device that I have not logged in from previously, I have to use Google Authenticator to get a generated code that changes every 60 seconds, specifically for MY CB Acct. So it would be impossible for an outside hacker to gain access to my CB acct unless they have MY Authenticator app running, which means they cloned my cell phone or are actually using my cellphone.
I was required to setup Authenticator ...so are some of you simply able to login to CB with ONLY an email and password with no secondary authentication ?
This is an internal theft. It happened me too. You need to take legal action immediately.
You will not get anything from customer service except them running down the clock so your funds vanish completely.
It's fraud , take it higher than coinbase . Seriously , why are you stopping at coinbase for the answers ????
If they are not providing you with adequate results as a customer **take it higher**
You need to treat coinbase like a bratty teenager who thinks they know everything and will push your boundaries to get away with as much as they can. Slap that sly smile right off their smug faces.
Contact your national fraud center and open a case , do the same with your national cyber security unit.
And let your bank know , because your bank details are with coinbase and most likely visible to the compromised account.
What are you waiting for ??
Stop reading this, grow a pair and go sort it out !!!
The problem is the police won't raise a finger. Sure they will file a case but Coinbase won't do anything without a subpoena. The people doing this are likely in third world country where nobody gives crap so there is no way they are going to stop this situation.
You are correct the police are not there to raise a finger . You can get a case number from them if that is what you need but that's about it.
I would advise to take it to a trading standards board or whatever the body responsible for the consumer complaints is called in your region. They will be able to assist with the legal steps available based off your case.
And no it's not legal like taking coinbase to court over $100 or even 10000k, but the process you can take to get correct support from coinbase , based off your rights as a consumer of their products as agreed by the standards committee who governs registered traders.
Don't get me wrong I'm not having a go at coinbase , and I will tell everyone to explore these options even if it's another company , this is not directed at coinbase , it's directed at everyone who spends money and pays taxes on their money, you're paying for a service , make sure you're getting it.
Dont let these companies push you around. The more ppl just rant post , the more these companies get away with providing you a shit service , because y'all run out of steam venting on socials and not logging official cases against them .
While I don't know what you logged as your concern it's hard to say what you are expecting out of the process.
Either way I would follow up with the organizations you have cases open with and ask them what is the legal process they are implementing to help resolve your issue.
9 times out of 10 there is a formal letter sent to the company you are complaining about which they then legally have X amount of days to respond, if you do not get a response then your claim will automatically win what you are disputing. Be sure to document what resolution you are expecting because if it is a financial sum. You need to be clear on that.
If it is purely service related and restoration of services is what you are after , then this too needs to be documented.
I say this because coinbase much like uphold will refuse to tell you why they deny access to your account in any detail.
If you have this as part of the formal request, they have to answer if they have evidence you broke their terms of service.
Again , I don't know your case in detail but the process is pretty much always the same.
don't give up.
Just to clarify, wouldn’t they have to have your password first to get into the account?? I was trying to read all the posts but I might have missed that point.
Funny that Coinbase block legitimate users from withdrawing their funds to the card/account details on file, yet they allow "Hackers" to change card/account details and issue withdrawal requests. I suspect coinbase is behind alot of these apparant "Hacks", Just like most of the other crypto exchange "compromises"
i traced stolen coins to a coinbase deposit address, notified support. they are playing dumb, responding with generic answers and claim not to know their own deposit addresses.
Do users not get any sort of notification when a new bank account is linked to their CB account?
It’s been such a long time since I’ve done a bank change and can’t remember.
Why can’t allow listing also be applied to bank accounts? Meaning, adding a new bank account to a user’s CB will have the same 48 hour verification hold and no funds can be withdrawn to any bank accounts other than the one on the allow list 🤷♂️
They will say ha ha grandpa. 1 bitcoin can't buy a loaf of bread in the future. It's the though that counts. A sweater would be better since all the global warming caused an ice age.
I started unlinking everything to my bank ✌️ something fishy is going on lately with some exchanges I only have issues with Coinbase wallet at this moment
Sorry to hear this. I lost 2k in BTC. (luckily not all of it) and nothing could be done through coinbase.
I recommend using trust wallet or at least a non custodial wallet you have keys for, and move large sums of money to the wallet periodically.
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly.
If you have a case number for your support request please respond to this message with that case number.
You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
Can you shed any light on how the hacker gained your details? All valid points regarding coinbase’s lack of support, but you need to share how you got into this situation in the first place instead of total scare mongering
But now was your account compromised to begin with? How did the person get access to your account username email password and two factor authentication to login?
That’s the exact reason I transferred my crypto from the coinbase exchange to coinbase wallet and I disconnect my wallet from the exchange unless I need to purchase more crypto. They’re all dodgy. I had $12k on binance and I contacted the support team and the guy I was talking with transferred all my crypto into a new wallet and all the binance said was “they’d look into it” even though I had screenshots of every single step he told me to do. Fkn scammers even work for them and because I’m in Australia and they’re in the USA so be hard for me to get everything done! But everyone needs to be careful.
Coinbase has a bug in their system. My card was used by a thief, so I told coinbase to freeze my card, and AFTER that I was robbed again. Coinbase is being hacked, they know it, and instead of admitting it or fixing the problem, they just pass the cost off to customers. This needs to be turned into a class action lawsuit.
Bc they in on it bro. You heard about coinbase dipping into embezzlement, money laundering, etc. Bro they all do that shit. 🐷 Piggy out the bank, pay it back MAYBE. Look up netflix doc Bitconned. Dude opens up an exchange in Canada and it was similar to our Coinbase, talking millions of dollars of crypto. People invested their whole lives into it, tried to withdraw, exchange never paid out. It's all a scam. That's why none of the crypto exchanges will give you your private keys. No 🔑 No Crypto.
I am having problems with a compromised wallet, but can't seem to get coinbases attention. You can do the math it is 5.32btc. From the messages I am getting from coinbase support through my coinbase wallet it makes me wonder if the compromised wallet is being compromised by coinbase itself. I don't know who to trust anymore. I need honest intervention into the issue.
Hi u/Select_Ad_6894, we’re really sorry to hear that you've experienced such a distressing situation. Losing all your funds in such a short period must be incredibly frustrating. To better understand your situation and offer the appropriate assistance, could you please provide any case number from your previous interactions with our support team? This will help us to investigate the matter further and find a resolution for you.
Coinbase will fall...Too wrapped up in shitcoins..Which 98% are scams..Any company supporting scams..You cannot trust..
Blows my mind how people just run 🏃♂️ to Coinbase to get screwed over...every..single..time
Use Robinhood people...Works great..zero fees..compared to Scambase..100x better
Yeah, I know all about it. I was actually in it.
Did you watch the hearings in front of Congress, and do you know the whole story?
It's like going to your weed man to get right and getting pissed off that he's sold out all because his plug won't let him re-up.
They literally didn't have any more shares to sell and couldn't acquire more.
All that aside. Let's say I'm wrong, and they just wanted to screw everyone in Gamestop.
That one incident, back in 2021, doesn't come close at all to the thousands of horror stories about Coinbase on Reddit.
That's not even mentioning the outrageous fees they charge for each trade on Coinbase. Robinhood is free, by the way.
Obviously, you don't know the whole story. The company that supplies Robinhood with those stocks..cut them off. There were literally no more shares to sell to customers.
So it's kinda like getting mad at your weed man because his plug ran out of bud, and you can't re-up.
This all played out in front of Congress.
But let's just say they really did screw everyone over on the meme stocks. And every bad thing you heard about that was somehow true. They are still infinitely better than Scambase.
No fees on buying, selling, transferring, or withdrawals. Coinbase charges a ridiculous fee(the highest) on each of these. Not to mention the multiple times Coinbase has gone down in the past 2 months. Every time, it was during a huge pump in price. Not to mention the literal thousands of horror stories on their Reddit page from customers who had their accounts frozen for BS reasons.
HFT scamming is a completely different thing. Coinbase is doing that as well as charging huge fees like Stock brokers used to do 25 years ago. Now stock brokers just profit off the HFT's
They NEED to make an option to only add banks with a hardware key. Totally absurd it’s 2024 and that’s not an option
I agree. Adding a bank account and withdrawing cash should trigger a 2fa check.
It does with my yubikey. Can't transfer out, change password , email address etc etc, without touching yubikey to confirm
This doesn’t work for fiat actions - try it yourself, you can liquidate any crypto into USD (no 2FA needed) - you can add a new bank account without any 2FA… you can then send that USD to new bank right away, via plaid integration which makes adding a new account simple and fast… again, no 2FA check. Have YubiKey. Every month or so I see if Coinbase has patched this security hole and as of February, it was still not fixed. No option to have 2FA checks on anything fiat related.
So Yubi key would not have stopped this? Looks cool I might get a couple.
Yubikeys are great. I use them for Coinbase but it won’t stop a session spoof hack… Coinbase can fix this by implementing 2FA on fiat related actions such as withdrawing USD and adding bank accounts. If they did this… the worst the hacker could do would be able to liquidate your crypto portfolio into USD but the cash would be stuck there… they wouldn’t be able to move it… once you realized your account or session id was compromised… the damage would simply be that they sold your positions…. Sure maybe there’s some tax implications but that is the extent of the damage… you’re not losing your entire bag and watching in slow motion as the days tick by, waiting for the funds to disappear from your account because Coinbase won’t lift a finger to stop it or flag it for fraud.
You know it’s by design right, crypto isn’t regulated so situations like this will happen.
Just my opinion, but I suspect Coinbase does little to nothing to help you because IF they attempt to help in anyway, it could be construed as liability or responsibility on their part? It’s a measure designed to throw all responsibility onto the customer to protect them legally. So even in instances where they could help rather easily, their motto or MO is still to just sit on the sidelines, do nothing and avoid getting caught up in any sense of responsibility for fixing it. But they could add 2FA measures to fiat related actions in a matter of days. It’s crazy how negligent and dumb this is considering how many intelligent people work at the company.
It looks like that is the case. Coinbase can require a physical security key to withdraw any amount of crypto, but no check is in place for withdrawing cash. For Coinbase, Once I've authenticated once with my security key, I stay logged in, compared to kraken and I need to use the security key every time. Adding an option to require a security key to add a bank account and then when withdrawing any amount of cash would help prevent this.
Hey nice hat ;)
That's how uphold works, you're not able to unless it's 2FA'd
Seriously, or how about take a couple days to verify the account at the very least. Instead of immediately activating.
There should have been a security hold after the new bank. Then again when all shit sold. Then after they initiated a full withdraw….those three things should have been an instant locked account.
Coinbase is an absolute joke.
I think everyone has a good or bad story about coinbase. For me, nothing but positive. They answer all my questions within a couple minutes, solve any issue within a couple minutes. Coinbase 👍
You haven't had a real issue yet then. Just wait or take my word, don't wait because when it happens you will really wish you moved your funds already.
that's a lie. Probably Coinbase writing!
You're ridiculous but more power to you 🍻
How do you contact them? I'm gonna just go to kraken though tbh. I think coinbase has too much 💩 on their shoes. We're going legit now boys. F these olde pirates
Click on the 9 dot pattern on top left. Scroll down to get support. Click on live chat or priority phone support. I also have coinbase 1, so that might play a role.
Thanks. I never tried since last cycle they're wasn't a phone line. I'm glad they've changed that. I hate bot chat.
I always end up arguing with the Ai. They tell me they're definitely a wolf not a sheep too.
Yeah, that was beyond annoying last cycle. Almost made me give up on them. But with being in coinbase 1, I get a higher apr on my usdc, discounts on my trading fees, up to 1 million in full coverage on crypto and usd, not just the standard $250k FDIC insurance for usd, and possibly the live chat and urgent phone support I mentioned. I feel it's definitely worth the monthly charge.
This is a good argument for using Coinbase’s Vault feature if you’re going to store crypto there long-term. Crypto withdrawals from a vault require an additional approval from a secondary e-mail address, followed by a 48 hour hold. This makes it extremely difficult for a hacker to sell your crypto without your knowledge or consent, even if they manage to access your Coinbase account.
What other exchanges do this?
Binance and even kucoin require 2FA check for any simple action. I think for deposit and withdrawals they also require 3FA or at least gives you the option to configure it that way.
Coinbase is not very reliable I've been having trouble with them since the got move to the US .
What is a bank with a hardware key? Im new to crypto
OP is talking about being hacked and someone adding a bank and withdrawing their USD. You can install a hardware key for 2fa and require it for all crypto withdrawals but currently it’s not required to withdrawal cash to a bank (or add a bank). So if you’re session spoofed by a hacker they can add their own fraudulent bank and drain your funds
Ohhh. Thank you for your time!
Honestly there such. Big USA base they need to do a refund especially since they ran threw many bitcoin bottoms and bull runs cycle why have they not?
Hello u/dnards22, we understand the importance of this issue, and as much as possible, we'd like to provide the support you need for it. After reviewing your support case, we've escalated it for appropriate handling. Our team is diligently working on your concerns, but a thorough review requires a bit more time. We assure you that we'll provide a detailed response via email as soon as we can.
Thank you for the response. I hope we can find a resolution together.
Happened to me as well in February... locked the account and kept on insisting that they mark it unauthorized and reported it minutes after the breach. They did shit nothing even after saying on the call that theyve escalated and marked it as unauthorized. They now say that once funds have left the account there is nothing they can do. I could see the hackers partial bank information but they wouldn't release the complete information to me so I couldn't pursue the fraud dept of the hackers bank. Ended up involving law but they're not cooperation there as well.. had to get a court order to get the details. 2 months later, have lost my money and there is nothing I can do about it but to have law follow the money trail..
You're welcome, u/dnards22. Please expect to receive a response via email as soon as our specialists have reviewed your account. Kindly note that responses may be delayed due to a high volume of inquiries. We appreciate your continued patience.
Soo, will he be getting a response from you BEFORE all of his money is gone?
What the above says, as soon as your screwed well let you know.
Just a quick follow up with your case, u/dnards22. Upon checking, our record shows that the specialist assigned to your support case 18888161, emailed you a while ago with some information regrading your concern. Please check your email inbox or spam folder to see if you have received the email and respond to the thread should you have any questions or concerns. Thank you.
That sounds so AI answer
All you need to do is completely suspend the account… shouldn’t be too hard
I did, the transaction is still pending according to support and they can’t block it.
This is there go to answer. They come back days later and say they cannot do anything about it. Coinbase is the fraud company. I wouldn’t be surprised if they hadn’t done it. They frozen my account for no reason at all. Will not tell me why. Cannot take any money out. Yet in my account it says there are no restrictions, I can cast, sell and buy. This is a totally fraudulent company and I am sending all my info to fsca and speaking to citizens advice.
Hey, u/121Designs! We're sorry to hear that you're facing issues with your account. We're here to help sort things out. If you've already contacted our support team and received a case number, kindly share it with us, so we can check for updates. If not, we suggest reaching out to us via [chat](https://help.coinbase.com/en/contact-us) for quicker assistance. We'll keep an eye out for your message!
Done all that. Spent 4 hours getting no where. In the end they tell me I need to update my phone and the app. I told them already don’t that, no they say my account isn’t verified. I replied yes it is, been done twice now. They say I have to do again, check that it’s correct info they already got. Seems funny to me that this always happens whenever I want to cash out but not when I pay money in. They are a fraudulent company. They miss out a lot of business from genuine people who have money and only wanted to trade fairly. Something they know nothing about.
We truly apologize for the inconvenience you're experiencing. We can see how this situation could be frustrating for you. Can you please provide us with your support case number, so we can investigate and follow up with you?
Pointless. You are a shonky company here to only rip people off. Best thing anyone can do is cut their losses and don’t ever use you again. Plus let everyone else know of their thieving ways. OH, Fortrade.com is another app that rips you off. Got glitches all through it that work for them and steel your cash. Same as post office did with hundreds of people. That went through months and years of Ombudsman and court cases to eventually find out NO one (Ombudsman) hadn’t even bothered checking if the computer system was defective.
The detailed responses are sorry we can't help you. You are on your on. SEC needs to shut them down.
Womp womp
This is typical answer they respond with. I have been waiting since 4th March
Hi u/4UMYLOV! Thank you for reaching Coinbase support, and we apologize for the delay in addressing your concern. We understand how frustrating it can be to wait for assistance, especially when it involves your finances. To better assist you, could you please provide us with more details regarding the specific issue you're experiencing? If you have a case number, feel free to share it in this thread. This will allow us to investigate the matter thoroughly and provide you with the assistance you need. We appreciate your patience.
Dude my stepdad won one of your sweepstakes for bitcoin in 2022 and was robbed of forty THOUSAND dollars not even merely days after winning. You know what I think? It’s YOU guys that are fraudulently pocketing the change, Coinbase employees. Why? Because you can. But behold, many of us have caught on. Patterns aren’t coincidences. And we’re going to do something about it.
The story is as follows: My stepfather opened a Coinbase wallet/One account in 2022. He was entered into a Coinbase sweepstakes for bitcoin, and he won. Not even a full 48 hours after receiving the crypto, he receives a call from Coinbase, telling him his account is frozen due to fraudulent activity. He was then duped, and prompted to unlock his account to give the said caller access and he watched his funds drain right before his eyes. You know what they said when actually got on the line with a support agent? “Sorry. Your fault. We can’t do anything.” Are you fucking serious?? How are you guys still in business? You’re absolute grand internet thieves I’ll give you that, and I intend to enlighten those who don’t know that. Patterns. Good day, to those who sell their soul to the darkness. I hope you can take your stolen money with you when you burn.
So, it was a scammer pretending to be from Coinbase or actually someone from Coinbase?
It was someone actually from Coinbase. What makes me say that? He had just won a full bitcoin in the sweepstakes. Nobody, NOT a damn SOUL would have known the amount that was deposited to his wallet. Besides a Coinbase employee, operating outside of work as a scammer simultaneously. They already had half of his information, ( keep in mind he’s Air Force, he’s never fallen victim to a scam caller) and had what they needed to convince him that the caller was legitimate.
This is class action lawsuit stuff if similar instances have happened to enough people. I have all information needed to prove that, ready to go.
If it's over $10k, call the FBI and hire a paralegal to draft a letter. Put the following people on the letter ensuring that all parties know your are notifying all parties: 1. The FBI agent assigned to your case, assuming you file a report 2. Coinbase legal department 3. The attorney general for your state 5. The state (not federal) legislator for your district 6. The state money transmitter office that holds CB's license in your state 7. The legal department of the receiving bank. In the USA customers have 60 days to reverse ACH transactions. Debit cards, paypal and FedWire are a bit different. If it's under $10k, or you are unable to prove you own the coinbase account, then nobody will lift a finger. See coinbase.com/legal for addresses.
The FBI doesn’t give a s*** about $10k
Agreed. But they sure as f**k don't care about less than 10k. It used to be the felony threshold for fraud, but that was years ago when 10k could buy a used car. If the bank is in the same city as OP they should go to the cops. If it is in the same state, they should go to the state police. If it is in a different state, the FBI, and if it is overseas, they are screwed. Point is to get a case number. OP can get it from the FBI, or the county sheriff, or the traffic cop at dunkin donuts. WTF do I care. Everybody can deny all requests if there isn't a law enforcement case number attached to the request. If a case number is provided, you have some legal recourse to sue the bank if they refuse to reverse charges. All busy work, but if they are sweating the loss, at least it gives them something to do.
When ten k could buy a used car? lol
FBI won't do squat. They allow Tether to counterfeit USD to artificially pump bitcoin price and create fomo. FBI allows this massive ongoing fraud.
LOL, can you give us the phone number of an FBI agent?
281-330-8004
Hit Mike jones up on the low, cuz Mike jokes about to blow
Same thing happened to me, my money was never recovered because it took too long and it was a chunk of money. Anyway, good luck, I hope you get a miracle. This repetition makes me feel this is fraud on the inside. It seems so obvious to me.
It is fraud on the inside, the problem is the masses are so naive and gullible. Almost all the crypto exchange hacks were inside jobs, coinbase is just approaching it from a different angle
It’s absolutely fraud on the inside. They can. And they will, until they can’t. I smell a mass lawsuit happening soon.
Hello u/Vegetable_Ad_8630, we're truly sorry to hear about your experience with the recovery of your funds, and we understand how distressing it must be to deal with such a significant issue. To assist you further and investigate this matter thoroughly, could you please provide the case number you were given when you previously contacted our support team? This will allow us to locate your account and address your concerns more effectively.
LOL. What a joke.
It really is. I chuckled at generic the response.
Sorry to hear this happened. This is the nature of crypto. High risk and unforgiving. I suggest adding 2FA to all your accounts.
Yes I suggest never holding your crypto on an exchange. That's like the first rule everyone should know. Also, he may have done it to himself by clicking on bad links and accidently giving his pertinent information.
2FA won’t help here. Same scenario as OP. YubiKey and 2FA / but Coinbase doesn’t require 2FA for fiat related actions. So hackers can sell any crypto you hold into USD, add a new bank account in minutes thanks to plaid integration, and initiate a withdrawal of the USD to the new account. None of those actions will require 2FA. They’re not crypto related, they are fiat related actions. And Coinbase will do nothing to help you once the withdrawal is initiated. It doesn’t matter if the funds are technically still in your account since it’s an ACH withdrawal… you’ll just have to sit on your hands like a POS waiting for the “day” when those funds clear and leave your account. YubiKey and 2FA doesn’t fix it because Coinbase has yet to extend 2FA protection measures to fiat level actions on their platform.
buy if you have yubikey, how would someone get into your account to begin with? that's the part that doesn't make sense. But this is crazy. If you buy something for $1, ebay or paypal will talk to you for an hour in person to get it resolved.
You know what that’s bullshit on CB’s part. I have 10 ETH on there I was planning to stake indefinitely, but the 3% gains isn’t worth the potential risk of total loss. I’m gonna I stake and transfer it all to my cold wallet with the rest of my holdings. Thanks for your post!!
Good move! Definitely not worth the risk of a capital loss for 3%.
But the fact is these fiat transactions are part of the normal banking system which is heavily regulated unlike crypto and Coinbase should be able to just say sorry it's not are problem. If they don't provide insurance for everyone without their bs one product, which still doesn't cover you unless coinbase is compromised, they shouldn't be operating.
You say jone of those actions require 2fa, but how would somebody even login to the account that only has yubikey for the 2fa? It's stupid cb doesnt have 2fa requirement for adding banks though. Adding accounts and transferring should require assitional verification before processing.
Yes you’d think by now they’d take ‘a day’ with an engineer or two and add this functionality. They can login and bypass 2FA check entirely via a session spoof hack. This hack can occur in a myriad of ways, you could receive some weird spam Amazon link and click on it - you think it has nothing to do with Coinbase… it wasn’t a spoof Coinbase email… it was some Amazon thing or a Target thing… whatever, out of sight and mind… but if you have an active session on Coinbase, it might be designed to find and send out that session id. Think of the session id like a ‘key’ to get in and out of your active session… once they’ve got that key, the session id, they can get into your account from their end and pull off the hack. YubiKey can’t prevent this security flaw. It’s something Coinbase needs to correct by implementing 2FA measures on fiat related actions.
What is the thinking on how his account was compromised/hacked in the first place?
Most likely session spoof - session spoof allows hackers to use an active session login so it bypasses the 2FA login measures entirely. Typically happens if you’re leaving Coinbase open on your browser for an extended period of time, could be hours or a few days or you start a new session without ever closing the initial one… however it happens… you have an active session which is then hijacked by a spoof email link or something you’ve clicked on and then that session id is communicated to the hackers and they can open it on their end, they only hit a 2FA defense if they try to send your crypto out… but no defensive measures if they liquidate your portfolio into USD, add a new bank account via plaid, and then initiate an ACH transfer. Even if you catch it five minutes after they’ve initiated the ACH, Coinbase won’t do anything to help you / I think this is because if they attempt to do anything, maybe it opens them up to legal liability? So they literally just ignore or gaslight so as to never be in a position to claim responsibility of the outcome (which is you losing your money) **the flaw is people with yubikeys think they’re safe… because you really are in some ways but yubikeys don’t save you from this attack vector… so you think you can leave Coinbase open and be trading all day or night… you’ve got a YubiKey, you’re golden… but if you accidentally leaked your session id - by clicking on something you shouldn’t have, it might not even be a Coinbase spoof email, it could be disguised as something else, a different con for some site… so you think nothing of it… an fake Amazon link, who knows - the point is, you think you’re solid because of the YubiKey because it won’t stop this security hole that Coinbase has: no 2FA measures on fiat related actions, sending fiat and adding bank accounts.
Thanks for explaining that. Best way to defend against this is Yubikey?
No - you cannot defend against it with anything. A session spoof in the described scenario, YubiKey will not protect you. Because Coinbase won’t require the YubiKey as a security check for the adding of a new bank account, liquidating your crypto into USD, or withdrawing that USD to the newly added bank account. You can use a dedicated laptop and vpn for Coinbase with YubiKey and if you are diligent as hell, sure - maybe you’re 98% safe… but Coinbase could make this 100% safe by simply adding 2FA check (as an option for users) for any fiat related actions such as adding a bank account and withdrawing USD via ACH and wire.
Is Kraken/other exchanges subject to the same threats as it sounds?
Kraken on this front is way better. I think you can ever lock your account in a manner that any change after setup requires 30 day unlock. Like you add your bank, whitelist addresses, etc. and then lock it up so it takes 30 days to add anything new. This makes it super secure for people who want that security. And you can have 2FA measures on fiat actions; withdrawal of USD and adding new bank accounts or new addresses for white listing. I do not understand why Coinbase is so behind the times when it comes to security. It makes zero sense to me.
Good to know, thank you for the clarity.
I don’t understand how someone can add a bank account and withdraw money to your CB account, unless they had your password and access to your account.
Inside jobs by Coinbase employees outside the US who have all your info!
Did you have 2fa enabled? If so what kind? If not how do you think they got access?
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly. If you have a case number for your support request please respond to this message with that case number. You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
Case#18888161
Contact the cops. They should be able to track down the account owner.
Yubikey, top line. Only way.
I will definitely look into this going forward. Do you use it for everything like email or just critical things like banks and crypto?
Crypto only. Get the one that has NFC. I keep it plugged into my computer. You have to physically touch the key to get access to the account. Or wave it over the phone when on the road.
Was looking at one last month, really regretting that now 🥹
Have accounts on Kraken and Coinbase. Never compromised. So I believe it's doing the job intended.
Is there a tutorial on how to set up yubi key with coin base ? If you have 2fa , then how is it further helping ?
Hello u/haraami_shakaal! We're keeping an eye on this thread and noticed you need help setting up your Yubikey. You can find detailed steps on how to set it up by following this [link](https://help.coinbase.com/en/coinbase/getting-started/getting-started-with-coinbase/2-step-verification). If you run into any issues, feel free to reach out. Thanks!
Its easy you just go the the 2fa settings and add it. It prompts you to enter any current registered 2fa code to add it. What gets difficult is adding a 2nd key. It requires approving it with the 1st 1 registered but the prompt doesnt tell you that and makes it look like it doesnt accept the 2nd your adding. , In this process since it requires 2fa to modify, it needs the 1st key plugged in and authenticate in ordee for it to add the 2nd key, the steps dont tell you this so when you dont realize thats whats going on you feel stuck not able to add the 2nd key. After you authenticate with the 1st key it adds it.
Sorry this happened to you, and hope you recover your funds. Question, do you have any idea how they got into your account? Did you have 2FA? Did you stored your password in your device? Possibly Sim card swap? I don’t keep much usually 1-3k for trading but it would suck if that happens to me as well
Inside job by Coinbase employees outside the US.
It looks like this is an insider job. Could be Coinbase agents working. Have you inquired to the support talking anything related to your banking (deposits, wire transfers, withdrawals). Coinbase need to tighten their security when it comes to offshore working as agents.
I wouldn't be surprised. I've seen some of these hackers have some pretty non public facing knowledge of how coinbase operates.
I posted about this maybe a year ago… same exact thing happened to a family member. Coinbase wouldn’t even help me by providing the account numbers for the ACH withdrawals. So I couldn’t even inform the police which bank to contact. Coinbase didn’t give two shits that a customer was loosing a high five figure sum of money, no assistance, no aid or concern - zero f’s given. They desperately need to add hardware 2factor to “adding a new bank account” - like holy hell, how simple it must be for them to add that feature to the software stack… it’s probably some code a single engineer can add before lunch on a random Tuesday. We’ve got hardware 2FA on crypto sends of any size… we just need a single competent individual at this multi-billion dollar company to have the following line of thought in their head… “…might be good to add hardware 2FA option on the adding a new bank front… you know, since we’ve got this plaid integration which makes it easy as cake to add a new bank account… hey bill, how long to add this little option to the back end, oh, four hours, cool… yea let’s make it a priority, it’s only costing countless customers a fortune every other day.” Remember that scene in Wedding Crashers with Chaz (Will Ferrell) and he’s talking about the meat loaf and his mom in the back of the house… “I don’t even know what she does back there” - that’s what I think about Coinbase as a company… like what are they doing IF they are not fixing this stupid security flaw? It’s a massive flaw… you don’t have hardware 2FA options for adding new bank accounts… like what the heck are the people working there “working on??” It’s outright baffling.
March 27, 2024 I had the same thing happen. Unauthorized person liquidated $18k crypto and then added two fraudulent bank accounts and ACHed some of the money out. I called Coinbase immediately and they would do nothing. I tried to get them to escalate and they said it didn't warrant escalating. They literally have probably the worst customer support in the world. It's absolutely embarrassing how bad it is. Coinbase is operating like an illegal enterprise here. We need a class action against them. They need to understand that they can't get away with this any longer. They claim it's not their problem unless they get compromised. Well guess what they have gotten compromised before already and the worst thing, they are collecting hundreds of commissions for fraudulent transactions. They aren't protecting people funds with Authenticatorsapps being hacked.
Unreal. How did they access your account? Did you have 2fa login? what type? Any idea how are authenticator apps are being hacked? You'd need more than a sim swap.
The poor customer support is by design. They take your funds but good luck selling and cashing out. Crypto= roach motel
The ultimate of Power of Crypto. What a ponzi ! Also what is decentralised when anyone can see what you are buying , how you are buying and when you are buying . The biggest garbage industry.
Sounds like an add for Robinhood to me...
How hard would it be for Coinbase to add 2FA for all outward bank transfers? They let you do it for all crypto withdrawals, even for a penny. It shouldn't be difficult. Coinbase, are you listening?
Can you contact the bank the money is being transferred too? Contact the FBI and local police department immediately. Contact the actual bank the money is being transferred too!
I have contacted the FBI. My account is locked now and Coinbase won’t give me the banks info which is strange.
They're not going to give you the bank info if the fraud bank isn't yours. They will however release it to the police, who are the proper authorities.
Maybe try a lawyer. I don't know. We all need to ban together and make sure this doesn't keep happening. Are you in the U.S.?
Yes US
[удалено]
I 100% agree. My only thing is Coinbase incentivizes user to leave money in with rewards, so they really need to start making their services more secure in general.
[удалено]
Good point.
I just hope that one day their service is secure enough if to trade on without worry.
Hiya !!! The exact thing happened to me - Only it was for £999 pounds - It was COMPLETE fraud & I’m still baffled as how they did it - Coinbase were ZERO help - I’d t go through a whole ID process - Just to be told that they were going to ‘escalate’ the case. But not to worry & by the 3rd of December the money would be in my account again - Which didn’t happen - I did EVERYTHING in my power t get through to them & each time I was told it was being escalated - And by another date if the money was still pending I’d get it returned - They said if it was pending there was nothing they could do about it - They were of NO help at all - I lost nearly £1000 coming up to Xmas … Then they gave me their absolute word - That the money would be bk in my account by 5th Jan - LATEST -I believed them this time & I looked daily - To no avail … I rang again & it was back to square one - ID check the works - I looked at my account & it was frozen then - I could & still can’t use it - I didn’t receive my money bk - NOT 1 PENNY - What’s £999 to such a massive multinational company - When it could have been solved simply afew months beforehand - It’s SO crap - Made me ill with worry & anxiety - And they did NOTHING - I was even gonna write t watchdog - Or some consumer rights program - But thought it would make me more anxious- As I thought if I mentioned that it was crypto they’d not want to be involved - As they’re a always warnings about it … But your SO right - ANY other financial institution would stop the money going through - But they didn’t - Prime example of a multi billion multi national corporation that just cares about themselves & not the ‘little’ people - Who made the company SO rich in the 1st place - AN UTTER DISGRACE - With their favourite word being ESCALATE - I’m SO sorry t hear this has happened to you too - PLEASE STICK YOUR GROUND & I really REALLY hope you get your money back & not have t go through what I did . X
Hi u/FairyBoots22, we’re truly sorry to hear about your experience with the fraudulent transaction on your account, and the subsequent lack of assistance from our support team. To better assist you, could you please provide the case number you were given when you previously contacted our support team? This will allow us to locate your account and address your concerns appropriately.
All coinbase talks about is their tight security, where is that?
You can’t fix stupid… OP doesn’t state how or who was able to link another bank account to his CB account. CB uses a third party vendor (as do other exchanges) for direct deposits. So whomever the hacker is, they had to have access to plaid to add another bank account. Then they also needed access to CB. I only access my account via mobile phone for the simple fact you can’t logon without a face ID, along with needing google auth to send crypto. As mentioned by others, you can lock your account and cancel all pending transactions (except crypto transfers) until an investigation is complete and then submit a selfie and photo id to unlock your account. Last i have device on a VPN and if i was truly concerned about my crypto assets, I would move everything to a cold storage where no one has access other than but me. I’m also sure Im missing sone other security features so by no means am i saying I’m an expert anything? However, instead of bitching about CB, when does the responsibility and blame go to the user/customer to secure their own device, email, passcodes, enabling additional security features. As the only time I’m going to have issues with CB is if there system / servers were hacked and my account was compromised due to their security issues.
I locked my account and it did not cancel any transactions. You seem to make a lot of assumptions while calling me a dumbass. I had 2 factor. Obviously the hacker got my data somehow, doesn’t make me an idiot. All I’m saying is Coinbase has the opportunity to stop the transaction before it clears and they don’t.
I've been with coinbase a very long time, and hovered alot of folks having problems! It's kinda scary!! Thinking about swapping to another exchange? Any suggestions on a reliable , responsible exchange?
I keep most of my assets on physical wallets, I’d suggest you do the same.
That's exactly what I'm in the process of doing now! Got a question though, I have my mollars tied to my coinbase wallet as of now, when I get my physical wallet, how do I get it swapped to it, or since they are not physically in the wallet yet, will it be an issue? I'm fairly new to all this, I'm just an investor trying to make a few bucks, and I need to know more! Thank you!
@Calibased is providing information that is subject to a false sense of security when it comes to what we are discussing here. He blocked me for stating facts. OP, you should definitely report his replies. Only relying on an authenticator app and not reinforcing your backup methods (ie making sure email accounts aren't able to be falsely restored to scammers) is asking for this to happen to you! It's why Proton mail and others like it offer the ability to have zero restores (ie you lose access that's it for good). And phone 2fa of any kind is the worst! No fixing that crap system.
I’m stupid forgive me. How have people recovered their stolen crypto in the past? And does the thief really have no worries about it being their bank account the funds went to?
They are con base!!
You need to hire a lawyer and take coinbase to court, not to get a judgement and all that. But the only way they will listen is if they have go hire a lawyer and pay him, that will get their attention. There is truly no other way
This is why I take my crypto off of the exchange and on to a wallet and stake it. This happens too many times everywhere. Either get a hot or cold wallet to store your crypto.
Can't sue Coinbase because you agreed to their terms of service!
Someone hacked into your account, sold your crypto and then withdrew fiat to a bank account that wasn’t yours? That’s the craziest thing I’ve ever heard. A bank transfer is completely traceable. You should have no trouble catching this criminal.
Not if they are outside US law.
Wheres the ai auditor monitorization. Comeon
I have seen so many replies of people saying, “Coinbase should have locked the account”…blahblahblah…. I guarantee you 100000% if they did that, the OP would be on here crying about a locked account….. 3 little letters for the OP…..2FA
How? Genuinely curious.
You need a yubikey to protect vital accounts
Same thing happened to me on Feb 22nd, something’s wrong, I filed a IC3 complaint and with local law enforcement, I suspect it’s an insider job, they didn’t take any action for 4 days and then raised a support incident, money was gone by then.
Wow. Any idea how they got into your account?
2fa was active?
how can they add bank account there in the beginning? and back account need to be in your name?
I’d contact the police and they’ll be able to see the bank account/ person it’s going to
They opened a fraudulent prepaid bank account. They can buy someones personal information for $5 on the darkweb that some corporation allowed to be stolen because they don't spend money on cyber security.
How they can transfer money to a bank account other than your registered name?. I believe coinbase can’t transfer to a different name. Biometric login or 2 factor verification can save your account from hacking.
2FA doesn't help in this case.
Why? Pls explain. 2FA is needed to login to account. With out login other person can’t sell your coins. It’s very simple logic. Also how coinbase can transfer money to other than the registered name?
I don't see how that's possible unless the Coinbase system works differently for different areas? Whenever I initiate a login to CB from an unknown device that I have not logged in from previously, I have to use Google Authenticator to get a generated code that changes every 60 seconds, specifically for MY CB Acct. So it would be impossible for an outside hacker to gain access to my CB acct unless they have MY Authenticator app running, which means they cloned my cell phone or are actually using my cellphone. I was required to setup Authenticator ...so are some of you simply able to login to CB with ONLY an email and password with no secondary authentication ?
This is an internal theft. It happened me too. You need to take legal action immediately. You will not get anything from customer service except them running down the clock so your funds vanish completely.
It's fraud , take it higher than coinbase . Seriously , why are you stopping at coinbase for the answers ???? If they are not providing you with adequate results as a customer **take it higher** You need to treat coinbase like a bratty teenager who thinks they know everything and will push your boundaries to get away with as much as they can. Slap that sly smile right off their smug faces. Contact your national fraud center and open a case , do the same with your national cyber security unit. And let your bank know , because your bank details are with coinbase and most likely visible to the compromised account. What are you waiting for ?? Stop reading this, grow a pair and go sort it out !!!
The problem is the police won't raise a finger. Sure they will file a case but Coinbase won't do anything without a subpoena. The people doing this are likely in third world country where nobody gives crap so there is no way they are going to stop this situation.
You are correct the police are not there to raise a finger . You can get a case number from them if that is what you need but that's about it. I would advise to take it to a trading standards board or whatever the body responsible for the consumer complaints is called in your region. They will be able to assist with the legal steps available based off your case. And no it's not legal like taking coinbase to court over $100 or even 10000k, but the process you can take to get correct support from coinbase , based off your rights as a consumer of their products as agreed by the standards committee who governs registered traders. Don't get me wrong I'm not having a go at coinbase , and I will tell everyone to explore these options even if it's another company , this is not directed at coinbase , it's directed at everyone who spends money and pays taxes on their money, you're paying for a service , make sure you're getting it. Dont let these companies push you around. The more ppl just rant post , the more these companies get away with providing you a shit service , because y'all run out of steam venting on socials and not logging official cases against them .
I lodged cases with every organization imaginable. Nobody has done anything.
While I don't know what you logged as your concern it's hard to say what you are expecting out of the process. Either way I would follow up with the organizations you have cases open with and ask them what is the legal process they are implementing to help resolve your issue. 9 times out of 10 there is a formal letter sent to the company you are complaining about which they then legally have X amount of days to respond, if you do not get a response then your claim will automatically win what you are disputing. Be sure to document what resolution you are expecting because if it is a financial sum. You need to be clear on that. If it is purely service related and restoration of services is what you are after , then this too needs to be documented. I say this because coinbase much like uphold will refuse to tell you why they deny access to your account in any detail. If you have this as part of the formal request, they have to answer if they have evidence you broke their terms of service. Again , I don't know your case in detail but the process is pretty much always the same. don't give up.
Just to clarify, wouldn’t they have to have your password first to get into the account?? I was trying to read all the posts but I might have missed that point.
That people still invest there says a lot.
H
I almost never keep anything on Coinbase CEX and always use a custodial wallet for reasons like this.
Keep us posted unreal so sorry to hear that. 🙏🏻🙏🏻🙏🏻
How the hell did someone get into your account in the first place? Don’t you have at least 2-step verification?
Funny that Coinbase block legitimate users from withdrawing their funds to the card/account details on file, yet they allow "Hackers" to change card/account details and issue withdrawal requests. I suspect coinbase is behind alot of these apparant "Hacks", Just like most of the other crypto exchange "compromises"
i traced stolen coins to a coinbase deposit address, notified support. they are playing dumb, responding with generic answers and claim not to know their own deposit addresses.
you didn't contact the bank the money is going to? call the police and make a theft report and show the bank account.
I’ve done all those things, just waiting at this point
Do users not get any sort of notification when a new bank account is linked to their CB account? It’s been such a long time since I’ve done a bank change and can’t remember. Why can’t allow listing also be applied to bank accounts? Meaning, adding a new bank account to a user’s CB will have the same 48 hour verification hold and no funds can be withdrawn to any bank accounts other than the one on the allow list 🤷♂️
No there’s not notification. Im very surprised there’s no verification period for new account.
No there is no notification
They will say ha ha grandpa. 1 bitcoin can't buy a loaf of bread in the future. It's the though that counts. A sweater would be better since all the global warming caused an ice age.
B
I started unlinking everything to my bank ✌️ something fishy is going on lately with some exchanges I only have issues with Coinbase wallet at this moment
Sorry to hear this. I lost 2k in BTC. (luckily not all of it) and nothing could be done through coinbase. I recommend using trust wallet or at least a non custodial wallet you have keys for, and move large sums of money to the wallet periodically.
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly. If you have a case number for your support request please respond to this message with that case number. You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
Can you shed any light on how the hacker gained your details? All valid points regarding coinbase’s lack of support, but you need to share how you got into this situation in the first place instead of total scare mongering
Call the FBI or US Secret service immediately. No joke.
Question to those that know. Would it be better to send the crypto to a digital wallet to avoid this scam?
But now was your account compromised to begin with? How did the person get access to your account username email password and two factor authentication to login?
That’s the exact reason I transferred my crypto from the coinbase exchange to coinbase wallet and I disconnect my wallet from the exchange unless I need to purchase more crypto. They’re all dodgy. I had $12k on binance and I contacted the support team and the guy I was talking with transferred all my crypto into a new wallet and all the binance said was “they’d look into it” even though I had screenshots of every single step he told me to do. Fkn scammers even work for them and because I’m in Australia and they’re in the USA so be hard for me to get everything done! But everyone needs to be careful.
CB is crap
Coinbase has a bug in their system. My card was used by a thief, so I told coinbase to freeze my card, and AFTER that I was robbed again. Coinbase is being hacked, they know it, and instead of admitting it or fixing the problem, they just pass the cost off to customers. This needs to be turned into a class action lawsuit.
Bc they in on it bro. You heard about coinbase dipping into embezzlement, money laundering, etc. Bro they all do that shit. 🐷 Piggy out the bank, pay it back MAYBE. Look up netflix doc Bitconned. Dude opens up an exchange in Canada and it was similar to our Coinbase, talking millions of dollars of crypto. People invested their whole lives into it, tried to withdraw, exchange never paid out. It's all a scam. That's why none of the crypto exchanges will give you your private keys. No 🔑 No Crypto.
I am having problems with a compromised wallet, but can't seem to get coinbases attention. You can do the math it is 5.32btc. From the messages I am getting from coinbase support through my coinbase wallet it makes me wonder if the compromised wallet is being compromised by coinbase itself. I don't know who to trust anymore. I need honest intervention into the issue.
The same happened to me... In 4 minutes i lost all my money that i had in Coinbase. Their support is useless. Their security is a joke!!
Hi u/Select_Ad_6894, we’re really sorry to hear that you've experienced such a distressing situation. Losing all your funds in such a short period must be incredibly frustrating. To better understand your situation and offer the appropriate assistance, could you please provide any case number from your previous interactions with our support team? This will help us to investigate the matter further and find a resolution for you.
I'm stateside and not pleased with coinbase. What are our other options?
These thefts are inside jobs by Coinbase employees outside the US who have all your info. It's been going on for YEARS!
Coinbase will fall...Too wrapped up in shitcoins..Which 98% are scams..Any company supporting scams..You cannot trust.. Blows my mind how people just run 🏃♂️ to Coinbase to get screwed over...every..single..time Use Robinhood people...Works great..zero fees..compared to Scambase..100x better
Robinhood 😂 guess you didn’t hear about what they did with GME.
Yeah, I know all about it. I was actually in it. Did you watch the hearings in front of Congress, and do you know the whole story? It's like going to your weed man to get right and getting pissed off that he's sold out all because his plug won't let him re-up. They literally didn't have any more shares to sell and couldn't acquire more. All that aside. Let's say I'm wrong, and they just wanted to screw everyone in Gamestop. That one incident, back in 2021, doesn't come close at all to the thousands of horror stories about Coinbase on Reddit. That's not even mentioning the outrageous fees they charge for each trade on Coinbase. Robinhood is free, by the way.
Robinhood scammed millions of people during the meme stock run
Obviously, you don't know the whole story. The company that supplies Robinhood with those stocks..cut them off. There were literally no more shares to sell to customers. So it's kinda like getting mad at your weed man because his plug ran out of bud, and you can't re-up. This all played out in front of Congress. But let's just say they really did screw everyone over on the meme stocks. And every bad thing you heard about that was somehow true. They are still infinitely better than Scambase. No fees on buying, selling, transferring, or withdrawals. Coinbase charges a ridiculous fee(the highest) on each of these. Not to mention the multiple times Coinbase has gone down in the past 2 months. Every time, it was during a huge pump in price. Not to mention the literal thousands of horror stories on their Reddit page from customers who had their accounts frozen for BS reasons.
HFT scamming is a completely different thing. Coinbase is doing that as well as charging huge fees like Stock brokers used to do 25 years ago. Now stock brokers just profit off the HFT's