- Joined
- Aug 24, 2004
- Messages
- 1,512
I'll preface by saying I ignorantly left my balance on the coinbase exchange rather than transferring to a wallet.
At approximately 330am I received a text stating my Coinbase account password had been changed. I woke around 355am to find this and immediately called the number to find that my phone's account had been suspended and could not make the call. Someone had ported my IMEI and took control of my phone. I live alone and immediately drove to the nearest gas station to try and use a phone. I was able to create a 'support ticket' w Coinbase eventually online around 5am but could not block access to my account bc I wasn't calling from the cell number on file w Coinbase (bc it had been in someone else's control and I couldn't call from my phone bc he/she somehow suspended the account). I called my phone's provider but could not reach live customer service. I was also locked out of email bc they changed my password to it as well.
After getting my IMEI number/account back under my control about 3 hours after the breach I called Coinbase support. They had locked the account and began investigating. I did have 2fa set up but somehow someone had all my passwords and pin keys.
Here is the response I eventually got from Coinbase-
In line with this, our records indicate your account was accessed on 2021-11-30 from the IP -----------------, using a Windows 10 device. This IP is authenticated with your password, your 2FA security codes and the device confirmed via hyperlink sent to your email. This means the attacker had access to your password, 2FA security codes and email to conduct this activity. Using these compromised credentials, they were able to initiate some external sends
Additionally, please note that all Cryptocurrency transactions that are confirmed on the blockchain are irreversible. Coinbase has no information on ownership of external cryptocurrency addresses, and because this is an external process and there is no way for Coinbase to cancel, reverse, or recover these funds.
End
This above is I guess the summary of the investigation and basically states I'm shit out of luck. I could not get any further info from Coinbase support which is large a joke as I've come to find out.
There is a 2k limit on daily transactions from my bank. They, being Coinbase and the person in control of my account tried to ach debit another $983.00 out of the bank account after the Coinbase account should have been locked? I've contacted all financial institutions and blocked any further transactions. Contacted all necessary parties to begin the identy hack process.
They would not give me any info regarding how much was taken (I'm assuming all). They will not let me back into the account bc the said they are having issues providing password reset emails to a certain large provider. They asked that I create a new account and whatever balance is left will be brought over to the new account (merged). I created the new account and am awaiting there response. Oddly, they said I'd be prompted to provide a new selfie, identification, etc.... Yet I wasn't. My account was immediately created without asking for further identification aside from there initial questions about address history.
All very odd and after researching, sounds very similar to their breach in October but Coinbase again is not assuming any liability.
This was not a small some of money. Again, I realize I'm the dumbass that should have took more precautions but if any of you have any experience in this or have had it happen, please advise. I'm at this point chalking it up as a (huge) loss that hits me pretty hard. I adhere to the principal of not investing what you can't afford to lose but I didn't expect to lose it this way. It was namely ETH, so not only have I lost my investment, I've lost its potential as well. Rough day brothers, fucking rough.
Get your funds into a private wallet and don't keep on an exchange. I guess I never thought I'd happen to me and am fairly ignorant in the crypto game/technology area. I got burned, big.
I keep updating my process w Coinbase but the above sounds like the funds have been transferred, the account is currently locked and I can't gain access. I created a new account and am currently awaiting word from Coinbase as to when they will merge the two accounts if infact there is a balance left from the original. They will not give me info of how much was transferred nor anything regarding the locked account.
At approximately 330am I received a text stating my Coinbase account password had been changed. I woke around 355am to find this and immediately called the number to find that my phone's account had been suspended and could not make the call. Someone had ported my IMEI and took control of my phone. I live alone and immediately drove to the nearest gas station to try and use a phone. I was able to create a 'support ticket' w Coinbase eventually online around 5am but could not block access to my account bc I wasn't calling from the cell number on file w Coinbase (bc it had been in someone else's control and I couldn't call from my phone bc he/she somehow suspended the account). I called my phone's provider but could not reach live customer service. I was also locked out of email bc they changed my password to it as well.
After getting my IMEI number/account back under my control about 3 hours after the breach I called Coinbase support. They had locked the account and began investigating. I did have 2fa set up but somehow someone had all my passwords and pin keys.
Here is the response I eventually got from Coinbase-
In line with this, our records indicate your account was accessed on 2021-11-30 from the IP -----------------, using a Windows 10 device. This IP is authenticated with your password, your 2FA security codes and the device confirmed via hyperlink sent to your email. This means the attacker had access to your password, 2FA security codes and email to conduct this activity. Using these compromised credentials, they were able to initiate some external sends
Additionally, please note that all Cryptocurrency transactions that are confirmed on the blockchain are irreversible. Coinbase has no information on ownership of external cryptocurrency addresses, and because this is an external process and there is no way for Coinbase to cancel, reverse, or recover these funds.
End
This above is I guess the summary of the investigation and basically states I'm shit out of luck. I could not get any further info from Coinbase support which is large a joke as I've come to find out.
There is a 2k limit on daily transactions from my bank. They, being Coinbase and the person in control of my account tried to ach debit another $983.00 out of the bank account after the Coinbase account should have been locked? I've contacted all financial institutions and blocked any further transactions. Contacted all necessary parties to begin the identy hack process.
They would not give me any info regarding how much was taken (I'm assuming all). They will not let me back into the account bc the said they are having issues providing password reset emails to a certain large provider. They asked that I create a new account and whatever balance is left will be brought over to the new account (merged). I created the new account and am awaiting there response. Oddly, they said I'd be prompted to provide a new selfie, identification, etc.... Yet I wasn't. My account was immediately created without asking for further identification aside from there initial questions about address history.
All very odd and after researching, sounds very similar to their breach in October but Coinbase again is not assuming any liability.
This was not a small some of money. Again, I realize I'm the dumbass that should have took more precautions but if any of you have any experience in this or have had it happen, please advise. I'm at this point chalking it up as a (huge) loss that hits me pretty hard. I adhere to the principal of not investing what you can't afford to lose but I didn't expect to lose it this way. It was namely ETH, so not only have I lost my investment, I've lost its potential as well. Rough day brothers, fucking rough.
Get your funds into a private wallet and don't keep on an exchange. I guess I never thought I'd happen to me and am fairly ignorant in the crypto game/technology area. I got burned, big.
I keep updating my process w Coinbase but the above sounds like the funds have been transferred, the account is currently locked and I can't gain access. I created a new account and am currently awaiting word from Coinbase as to when they will merge the two accounts if infact there is a balance left from the original. They will not give me info of how much was transferred nor anything regarding the locked account.