My Coinbase account was hacked... Any possible resolution to recover funds. If nothing else, maybe it will save one of you from losing funds.

[w8tlifterty]

I'll preface by saying I ignorantly left my balance on the coinbase exchange rather than transferring to a wallet.

At approximately 330am I received a text stating my Coinbase account password had been changed. I woke around 355am to find this and immediately called the number to find that my phone's account had been suspended and could not make the call. Someone had ported my IMEI and took control of my phone. I live alone and immediately drove to the nearest gas station to try and use a phone. I was able to create a 'support ticket' w Coinbase eventually online around 5am but could not block access to my account bc I wasn't calling from the cell number on file w Coinbase (bc it had been in someone else's control and I couldn't call from my phone bc he/she somehow suspended the account). I called my phone's provider but could not reach live customer service. I was also locked out of email bc they changed my password to it as well.

After getting my IMEI number/account back under my control about 3 hours after the breach I called Coinbase support. They had locked the account and began investigating. I did have 2fa set up but somehow someone had all my passwords and pin keys.

Here is the response I eventually got from Coinbase-
In line with this, our records indicate your account was accessed on 2021-11-30 from the IP -----------------, using a Windows 10 device. This IP is authenticated with your password, your 2FA security codes and the device confirmed via hyperlink sent to your email. This means the attacker had access to your password, 2FA security codes and email to conduct this activity. Using these compromised credentials, they were able to initiate some external sends
Additionally, please note that all Cryptocurrency transactions that are confirmed on the blockchain are irreversible. Coinbase has no information on ownership of external cryptocurrency addresses, and because this is an external process and there is no way for Coinbase to cancel, reverse, or recover these funds.
End

This above is I guess the summary of the investigation and basically states I'm shit out of luck. I could not get any further info from Coinbase support which is large a joke as I've come to find out.

There is a 2k limit on daily transactions from my bank. They, being Coinbase and the person in control of my account tried to ach debit another $983.00 out of the bank account after the Coinbase account should have been locked? I've contacted all financial institutions and blocked any further transactions. Contacted all necessary parties to begin the identy hack process.

They would not give me any info regarding how much was taken (I'm assuming all). They will not let me back into the account bc the said they are having issues providing password reset emails to a certain large provider. They asked that I create a new account and whatever balance is left will be brought over to the new account (merged). I created the new account and am awaiting there response. Oddly, they said I'd be prompted to provide a new selfie, identification, etc.... Yet I wasn't. My account was immediately created without asking for further identification aside from there initial questions about address history.

All very odd and after researching, sounds very similar to their breach in October but Coinbase again is not assuming any liability.

This was not a small some of money. Again, I realize I'm the dumbass that should have took more precautions but if any of you have any experience in this or have had it happen, please advise. I'm at this point chalking it up as a (huge) loss that hits me pretty hard. I adhere to the principal of not investing what you can't afford to lose but I didn't expect to lose it this way. It was namely ETH, so not only have I lost my investment, I've lost its potential as well. Rough day brothers, fucking rough.

Get your funds into a private wallet and don't keep on an exchange. I guess I never thought I'd happen to me and am fairly ignorant in the crypto game/technology area. I got burned, big.

I keep updating my process w Coinbase but the above sounds like the funds have been transferred, the account is currently locked and I can't gain access. I created a new account and am currently awaiting word from Coinbase as to when they will merge the two accounts if infact there is a balance left from the original. They will not give me info of how much was transferred nor anything regarding the locked account.

 

[Cabron]

Someone had ported my IMEI and took control of my phone

how does this happen?

 

[w8tlifterty]

how does this happen?

I have no idea and dont know if I explained it right. I woke up and couldn't use my phone. Said account had been suspended. Couldn't call out or text. My email password had been changed has had my coinbase password been changed as well as the PIN to get in. Once I finally got a hold of my phone carrier, they said that the IMEI had been changed overnight and there was $100 charge on my account and the account had been suspended.

I also had a 8-digit pin to my phone carriers account which they had also changed so I could not get into my phone carrier account online.

 

[Pheedno]

What phone and carrier do you use?

 

[w8tlifterty]

Metro by T-Mobile. They acknowledged that the phone was ported to a new IMEI (or whatever the terminology is) overnight around 330am. They charged me $97.83 for the IMEI change and suspended the account after that took place. I tried to get into the account to immediately pay the $97 fraudulent charge but the attacker had changed the 8 digit pin on that account as well.

I have contacted all my financial institutions, froze credit etc but it seems this is Coinbase centered only at this time. I don't know if I should change carriers and phones now or not? How he ported the phone over and I received no notifications from Metro/TMobile is beyond me. I thought you had to do that in-store as a security measure?

 

[w8tlifterty]

I've called Metro customer service again and they said the 'device change' took place at 245am on 11.30.21. They said it happened in the store. I asked how that was possible at 245am in the morning and they said to call corporate. I doubt that will get me anywhere but I'll try once the open for the day.

 

[Pheedno]

I've called Metro customer service again and they said the 'device change' took place at 245am on 11.30.21. They said it happened in the store. I asked how that was possible at 245am in the morning and they said to call corporate. I doubt that will get me anywhere but I'll try once the open for the day.

I know absolutely nothing about phone technology but that sounds like it was an employee of the phone company

 

[w8tlifterty]

I know absolutely nothing about phone technology but that sounds like it was an employee of the phone company

That was my first thought as well. Customer service was very cryptic in their answers to my questions due to liability concerns I'm sure. I'll reach out to Metro corporate shortly and see if that can get me any further. I have to think they have a large security/fraud department. I don't know how else someone could have gained control of my entire phone and it's contents.

 

[Pheedno]

w8t, any update to this issue?

 

[goback2013]

Guys need to keep their coins on a local cold storage wallet.

 

[w8tlifterty]

w8t, any update to this issue?

Still collecting evidence. Took 41 emails w CB support to finally get back into my coinbase account. Pulled transaction history and there were 37 pages of transactions. 2 of them were mine the other 100+ was a hacker or inside job converting all my crypto assets into BTC and transferring small amounts into two separate addresses. The IP address that took over my account was in a far away land and how there was no algorithms in place to prevent this is beyond me. I’ll try to prove negligence in arbitration. Ohhh, but Coinbase did give me $10 in BTC bc they acknowledged I received terrible customer service . You and I have discussed in private, and you roughly know how much I lost. Filed a formal complaint, they of course denied any wrong doing. I’ve pulled the user agreement from when this happened. It’s been updated twice since as they are well aware this is happening. I’m seeking arbitration now. Wil cost me $200 and them $5k.

T-Mobile is a joke. They transfer me from one dept to another and then I mysteriously get disconnected when asking for records. They did send me a letter acknowledging that my account was hacked and sim swapped. How this happened at 2am in a store is beyond me, but they won’t give me further info. I’m writing a letter formally requesting records of what happened in the timeframe all this happened. T-Mobile is under fire right now for this sim swap issue. I’ve been told I can also go after the phone company but that might be tough sledding.

Check out the Facebook group ‘Conbase’ and you’ll see this happening all the time w this particular company (Coinbase).

I did have 2fa set up, all the recommended security measures except for transferring my assets off their exchange into a cold wallet.

It’s been a long month and a half and I’ve gained little ground but now that I finally gained access to my original account after 40+ days, I can gather more evidence.

It took me 40 days, literally 8+ different verification photos of myself, my ID, hand written notes that said this is me (yes, this was requested by Coinbase support) and multiple people just to get me back into my account YET someone was able to change my password and fail 3 times from a different IP address nowhere near me, finally get into my account, change the password, change my authenticator, change my app password, convert all my ETH into BTC and then transfer out xxxxx dollars in roughly 100 separate small transaction (after me making literally 2 transactions in a span of 6 months) to two different addresses all in roughly 40 minutes or less. They also tried to pull more money out of the bank account that was attached to the CB account after it was supposedly ’locked’. I’ve got those charges back but now CB says I owe them bc the funds were converted and transferred. I’m in touch w a two ppl who have been successful in arbitration so we will see what happens.

I know Coinbase comes recommended by some here but I’d recommend anyone holding coins on their exchange to get it off as quickly as possible. I should have been much smarter w the amount I held. I was ignorant for leaving it on their exchange.

 

[goback2013]

Still collecting evidence. Took 41 emails w CB support to finally get back into my coinbase account. Pulled transaction history and there were 37 pages of transactions. 2 of them were mine the other 100+ was a hacker or inside job converting all my crypto assets into BTC and transferring small amounts into two separate addresses. The IP address that took over my account was in a far away land and how there was no algorithms in place to prevent this is beyond me. I’ll try to prove negligence in arbitration. Ohhh, but Coinbase did give me $10 in BTC bc they acknowledged I received terrible customer service . You and I have discussed in private, and you roughly know how much I lost. Filed a formal complaint, they of course denied any wrong doing. I’ve pulled the user agreement from when this happened. It’s been updated twice since as they are well aware this is happening. I’m seeking arbitration now. Wil cost me $200 and them $5k.

T-Mobile is a joke. They transfer me from one dept to another and then I mysteriously get disconnected when asking for records. They did send me a letter acknowledging that my account was hacked and sim swapped. How this happened at 2am in a store is beyond me, but they won’t give me further info. I’m writing a letter formally requesting records of what happened in the timeframe all this happened. T-Mobile is under fire right now for this sim swap issue. I’ve been told I can also go after the phone company but that might be tough sledding.

Check out the Facebook group ‘Conbase’ and you’ll see this happening all the time w this particular company (Coinbase).

I did have 2fa set up, all the recommended security measures except for transferring my assets off their exchange into a cold wallet.

It’s been a long month and a half and I’ve gained little ground but now that I finally gained access to my original account after 40+ days, I can gather more evidence.

It took me 40 days, literally 8+ different verification photos of myself, my ID, hand written notes that said this is me (yes, this was requested by Coinbase support) and multiple people just to get me back into my account YET someone was able to change my password and fail 3 times from a different IP address nowhere near me, finally get into my account, change the password, change my authenticator, change my app password, convert all my ETH into BTC and then transfer out xxxxx dollars in roughly 100 separate small transaction (after me making literally 2 transactions in a span of 6 months) to two different addresses all in roughly 40 minutes or less. They also tried to pull more money out of the bank account that was attached to the CB account after it was supposedly ’locked’. I’ve got those charges back but now CB says I owe them bc the funds were converted and transferred. I’m in touch w a two ppl who have been successful in arbitration so we will see what happens.

I know Coinbase comes recommended by some here but I’d recommend anyone holding coins on their exchange to get it off as quickly as possible. I should have been much smarter w the amount I held. I was ignorant for leaving it on their exchange.

+1.. move your coin to a local cold storage wallet... only problem with that is, you need to keep the storage device safe.. good thing is, if you know your mnemonic seed phrase, you can restore access to your local wallet.

 

[Pheedno]

Sorry this happened, w8t and I hope you can get some kind of recourse. Since your incident, I don't have any access to any crypto from my phone. Bought a seperate laptop for that use that is secured and use a yubiko key that requires my touch to get into the computer and coinbase account.
I need to set up a cold wallet as well and split some amounts up.

 

[w8tlifterty]

Sorry this happened, w8t and I hope you can get some kind of recourse. Since your incident, I don't have any access to any crypto from my phone. Bought a seperate laptop for that use that is secured and use a yubiko key that requires my touch to get into the computer and coinbase account.
I need to set up a cold wallet as well and split some amounts up.

Awesome man, if anything, I’m glad it spurred you to take extra security measures and secure your funds. So cool to hear.

I guess I viewed it as I view my bank. If I enter one wrong password w any of my banks, red flags fly up. Someone clearly hacked my account from a different country using a device I’ve never logged on or used, immediately changed passwords, changed my email in my coinbase account, changed the authenticator, from a different IP address and commenced to move a large some of money in roughly 100 small transactions. Yet, no kind of security measures were taken and things happened even after the account was supposedly ‘locked’. They once locked my account when trying to pull funds out several months ago, as I said it took me over 40 days and 42 emails to be exact just to get back into an account w a ZERO balance yet they allowed immediate movement despite clear security breaches, of a quite large sum of money. I could actually understand their side of their weren’t so many clear and undeniable things that should have been flagged or the account automatically locked. Makes no sense.


I have time stamps and hopefully through arbitration, I’ll be able to prove my case. It’s a billion dollar company that pays lobbyist millions every quarter so I realize it’s a small chance but I do think I have sufficient evidence to prove negligence and void the user agreement (breach of contract?). We shall see.

I still can’t figure out how they figured out two specific passwords unless they mirrored my phone somehow or it’s an inside job w/in coinbase or the phone company? Those specific passwords were ONLY kept in my head, are long phrases, and literally have zero connection to anything.

 

[Jefe]

All scammers must die!

On the bright side, people will read the post and learn. Really sucks you got taken. Ugh.

 

[goback2013]

If you didnt create your keys you DONT OWN the wallet.

 

[UnholyAlliance]

I know this thread's 2 years old, but @w8tlifterty if your phone got cloned and thus broken into you better change every email and account that's attached to that device then remotely wipe it if possible. Did you get a new phone with brand new number? Metro by T-Mobile sounds like a prepaid device and prepaids are trouble...I'd switch to a regular phone plan and have it activated at a store in a reputable location.

 

[UnholyAlliance]

I may add in the future don't have any access to your crypto from your phone but purchase a cheap laptop just for accessing your crypto like was suggested.

 

[Jefe]

I know this thread's 2 years old, but @w8tlifterty Metro by T-Mobile sounds like a prepaid device and prepaids are trouble...I'd switch to a regular phone plan and have it activated at a store in a reputable location.

They are one of the budget places that piggyback on a major carrier.

I’m finially giving in and getting started in crypto and I’m paranoid I have the wrong url or wrong app or whatever. Poof money gone. I need bitcoin for dummies.

 

[Jefe]

I may add in the future don't have any access to your crypto from your phone but purchase a cheap laptop just for accessing your crypto like was suggested.

You can store the wallet on a USB drive right? Only plug it in when buying or selling? Sounds safe from What little I understand