Numerous Coinbase users found their accounts empty, hacked. Someone managed to sneak into their profiles and withdraw cryptocurrencies.
Covering these stories is CNBC in a lengthy report.
The hacked Coinbase accounts
Several incidents are recounted in the long CNBC article. One, in particular, stands out: it is that of Tanja and Jared Vidovic, who tell of having lost 168,000 dollars in cryptocurrencies kept in the Coinbase account. They had received security alerts, and as soon as they accessed their account, they made the bitter discovery.
Other similar experiences are recounted, with significant losses. They all have one thing in common. The vulnerability was not caused by Coinbase but by individual users, probably victims of SIM swapping cases.
In fact, it happens that an attacker manages to take control of the SIM card of the unlucky user. This way, they have direct access to the phone, control it, steal data and sensitive information, and sell them on the dark web. This way, users find themselves with hacked accounts due to a vulnerability that cannot be attributed to Coinbase.
Coinbase Support
But all of them have turned to Coinbase support for assistance and refreshment. Almost always, the answer is that Coinbase can’t do anything, as it’s a breach not attributable to the exchange, and it’s impossible to reconvert a transaction once it’s validated on the blockchain.
The stories told by CNBC are but a small part. Just take a look at Coinbase Support’s Twitter profile, the official one dedicated to customer support, to discover many comments from users who had their accounts hacked and didn’t get the assistance they wanted.
Many complained, especially about never interacting with the exchange, with assistance limited to just exchanging emails.
What Coinbase is doing
Coinbase recently made it known in a blog post that they are fully aware of the phenomenon. The so-called ATOs (account takeovers) concern 0.01% of users, which out of a population of 68 million members makes 6,800 cases. They are certainly not few. In any case, Coinbase has activated phone support for this user.
The exchange does everything it can to protect its customers:
- 2FA is mandatory,
- Verification is required in case of access from an unknown device;
- The use of hardware security keys to protect accounts is encouraged.
However, it cannot prevent cases of phishing, SIM swaps, and various scams that compromise device security and open account doors to unknown malicious individuals.
Nevertheless, from Coinbase they let it be known:
“Our goal is to protect our customers as they participate in the cryptoeconomy while also providing them the best user experience possible. That said, we recognize that our work is never done when it comes to security and support — and they remain a top priority for Coinbase.”
What to do to protect yourself
Whether the unfortunate victims like it or not, Coinbase is not responsible for their losses. In fact, those who live in the cryptocurrency world know that one of the first rules is not to keep their funds stored on exchanges. Always better to move them on a hardware wallet. The leaders in the industry are Ledger and Trezor.
Then there are other simple rules to follow to avoid running into accidents and scams. One is to pay particular attention to phishing emails, communications that appear to come from a trusted source that requires you to reset your username and password. Even if those emails are perfectly identical in layout to the ones you would expect to receive from that type of sender, whenever you receive such a request regarding the resetting of your data, you should always ask yourself the question: why? At this point, contacting the sender directly to make sure the email is original is never a bad option.
The post Coinbase, hacked accounts and disappointed users appeared first on The Cryptonomist.