Coinbase: hacked accounts and disappointed users

Hacked accounts

Several incidents are described in a long article CNBC. One in particular stands out: Tanja and Jared Vidovic, who say they lost $ 168,000 in cryptocurrencies on Coinbase’s account. They received a security alert and made a bitter discovery as soon as they accessed their account.

Other similar experiences with significant losses are described. They all have one thing in common. This vulnerability was not caused by Coinbase, but by individual users, probably victims of SIM Swap attack.

In fact, it happens that the attacker manages to take control of the user’s SIM card. In this way, they have direct access to the phone, its control, theft of data and sensitive information and their sale on the darknet. Users are thus vulnerable to a vulnerability that cannot be attributed to Coinbase.

Support

But everyone turned to Coinbase for support. The answer is almost always that Coinbase cannot do anything, because it is a breach that cannot be attributed to the exchange and it is impossible to roll back the transaction once it has been verified on the blockchain.

The stories told by CNBC are only a small part. Take a look at the Coinbase support twitter profile, the official customer support profile, and you’ll find many comments from users who have been hacked and haven’t received the help they need.

Many complained, in particular, that the assistance was limited to exchanging e-mails.

What does Coinbase do?

Coinbase recently stated on its blog that they are fully aware of this phenomenon. The so-called ATOs (account takeovers) concern 0.01% of users, which is 6800 cases out of 68 million users. Definitely not enough. In any case, Coinbase has activated telephone support for these users.

The Exchange does everything to protect its customers:

• 2FA is mandatory,
• Authentication is required in case of access from an unknown device;
• It is recommended that you use hardware security keys to protect your accounts.

However, it cannot prevent phishing, SIM swap, and various scams that compromise device security and open account doors to strangers.

Nevertheless, Coinbase said:

“Our goal is to protect our customers who are involved in cryptoeconomics, while providing them with the best possible user experience. That means we realize that our work never ends in terms of security and support – and remain a top priority for Coinbase. ”

What to do to protect yourself

Whether the unfortunate victims like it or not, Coinbase is not responsible for their losses. In fact, those living in the world of cryptocurrencies know that one of the first rules is not to keep their funds on exchanges. It is always better to move them to a hardware wallet. Leaders in the field are Ledger and Trezor.

Then there are other simple rules that need to be followed to avoid fraud. One is to pay special attention to phishing emails, which is communication that appears to come from a trusted source and that requires you to reset your username and password. Although these emails are exactly identical in layout to what you would expect from this type of sender, whenever you receive such a request to reset your data, you should always ask yourself the question: why? At this time, it’s never a bad choice to contact the sender directly to make sure the email is genuine.