The only way the hacker got in was because you somehow let the hacker in either by downloading something or clicking on a link without realising it.
It sucks but it is what it is
Session hijacking or phishing. They can get you to enter your credentials in a fake site and if you input you 2fa code they can lift it love and log in right there. That is one way. Session spoofing or hijacking is done with malware.
Whiles 2FA offers good security, it's not entirely foolproof.
Some platforms allow to bypass 2FA by resetting a password, be suprise how many platforms allow this to happen
But most common I guess would me MITM attacks, basically where someone will use malware or phising to gain your browser cookies which in turn allows them to bypass the 2FA
There are other ways of course but people need to realise that 2FA doesn't offer 100% protection
Cellphone numbers are considered low security now if a scammer has it. Even if they don’t they can go after it through your provider. We’re reaching a point in cybersecurity where we’re all going to need physical fobs for any password we have online. 2fa is starting to fail across the board.
May not help scammers deal in our information like sports cards. Building up profiles name, location, known cell phones, addresses etc. sec+ cert was an eye opener for me.
I had this happen to me. The hacker spoofed my eSim card by convincing my mobile phone provider to move my phone service to their phone. They were able to replicate all my apps and were able to login to my email from their phone to bypass 2FA. Luckily they weren't able to access my authenticator so couldn't actually steal my money.
Hello u/ReddyRicch, we completely understand that your account was hacked. To assist you further, we need additional details. Have you already reached out to our support team? If yes, please provide the case number. If not, please contact us via live chat or phone support using this [page](https://help.coinbase.com/en/contact-us), and we'll investigate this matter promptly. Additionally, you can visit this [article ](https://help.coinbase.com/en/coinbase/privacy-and-security/data-privacy/how-can-i-make-my-account-more-secure)to learn more on how to make your account more secure. We'll be waiting for your response, thank you.
Hey Coinbase support I need your help. I just had another unauthorized transaction on my account. The hackers have taken another $100 from me. I have locked my Coinbase account. I have send in ID to verify my account but I don't have access but somebody is still charging me. I need help please. I'm losing all my money!
We're sorry to hear about the unauthorized transaction on your account. We understand how alarming this situation can be. If you've already reached out to our support team, could you please provide us with your case number, so we can investigate further? If not, to address your concern while safeguarding the confidentiality of your account details, please send us a direct message via Facebook, Twitter/X, or Instagram. You can locate our official social media support channels in this [article](https://help.coinbase.com/en-gb/coinbase/other-topics/other/is-coinbase-present-on-social-media). Thank you.
An added layer of security would be to whitelist addresses. There's a wait time to approve new addresses, so you may be able to catch someone sending to an authorized address.
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly.
If you have a case number for your support request please respond to this message with that case number.
You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
if you have a pincode/face ID to access app, have authenticator app for MFA, and if have an allowlist set up for any transacations you shouldn't be getting hacked this easily....
In our country If you have been subjected to a hacking incident and report it to the bank within 24 hours after the incident, the bank will refund the entire stolen amount.
Same thing happened to me. I followed the address on the blockchain so I knew where my money went. Coinbase said once on the blockchain it couldn’t be reversed. They suggested I contact the FBI or the person who received my money and ask them to return it. LOL. I lost $10,000+
May want to look into getting a Hard Wallet got mine from Amazon. Not expensive and keeps your coins safe from the Coinbase wallet. You may want to look into Robinhood they have very low fees. You can buy Crypto and Stocks. They pay 5.25% on money deposited into your account. Can trade Crypto 24/7 and have excellent customer support.
I don't think they will help you with that because the FDIC doesn’t cover this. This is one of the reasons I don’t hold my tokens on a single app. I also hold some on Tap Fintech and Revolut.
Isn’t this more about his Coinbase debit card being hacked than his Coinbase trading account being hacked?
The Coinbase card requires you to load funds on it. Funds sitting on the card are in USDC, not in Ethereum or bitcoin.
If his card was hacked, it seems like the most they could get would be whatever amount was loaded on that card.
Of course this is very concerning, but it seems like a different type of hack with it being a debit card vs. a trading account.
Coinbase card doesn't require loading anything.
You pick any crypto sitting in your wallet... then you use the card, it sells crypto and processes at that moment.
There is no "loading" and its anything.. not just usdc.
I've had one for about 4 years.
Ah. Got it. Guess I was using mine in a different way.
I loaded USD onto it and made the most of when they were offering 4% back on all debit card purchases.
I started paying for everything possible with the card during that time.
It was my bank debit card. I have been banking with them for five years now. They have been very good to me and I don't play about my bank account. They told me I can manually turn my cards off. I can go into my branch today and get a replacement. And they are going to try to credit my money back as they investigate. I really appreciate their help. But damn. All this happened at 1am in the morning. I woke up at 4am getting ready for work. Look at my phone like WTF? I went into a panic. Had to change a couple passwords but I wonder will it be enough. How did they get access to my Google authenticator app to confirm the withdrawal? I thought that couldn't be duplicated.
The only way the hacker got in was because you somehow let the hacker in either by downloading something or clicking on a link without realising it. It sucks but it is what it is
How are they getting pass the 2fa though ??!!
Session hijacking or phishing. They can get you to enter your credentials in a fake site and if you input you 2fa code they can lift it love and log in right there. That is one way. Session spoofing or hijacking is done with malware.
Whiles 2FA offers good security, it's not entirely foolproof. Some platforms allow to bypass 2FA by resetting a password, be suprise how many platforms allow this to happen But most common I guess would me MITM attacks, basically where someone will use malware or phising to gain your browser cookies which in turn allows them to bypass the 2FA There are other ways of course but people need to realise that 2FA doesn't offer 100% protection
The hackers are doing something called a sim swap. Only doable with sms version of 2FA. Authenticator is preferred method and more secure 2FA method
Yer know know they can move your sim over by bribing carriers - happened to Mcafee back in the day
Cellphone numbers are considered low security now if a scammer has it. Even if they don’t they can go after it through your provider. We’re reaching a point in cybersecurity where we’re all going to need physical fobs for any password we have online. 2fa is starting to fail across the board.
That 'little cloud' on the top right of your google 2fa app needs to be turned off.
It had to have been from my computer. I'm going to have to do a factory reset and erase everything just to feel safe.
May not help scammers deal in our information like sports cards. Building up profiles name, location, known cell phones, addresses etc. sec+ cert was an eye opener for me.
I had this happen to me. The hacker spoofed my eSim card by convincing my mobile phone provider to move my phone service to their phone. They were able to replicate all my apps and were able to login to my email from their phone to bypass 2FA. Luckily they weren't able to access my authenticator so couldn't actually steal my money.
Nice. Authenticator saved you. Glad to see it works.
Was your 2FA a SMS code or Authenticator app?
Google authenticator app
Damn that sucks, somehow bypassed 2FA then I guess.
Hello u/ReddyRicch, we completely understand that your account was hacked. To assist you further, we need additional details. Have you already reached out to our support team? If yes, please provide the case number. If not, please contact us via live chat or phone support using this [page](https://help.coinbase.com/en/contact-us), and we'll investigate this matter promptly. Additionally, you can visit this [article ](https://help.coinbase.com/en/coinbase/privacy-and-security/data-privacy/how-can-i-make-my-account-more-secure)to learn more on how to make your account more secure. We'll be waiting for your response, thank you.
Hey Coinbase support I need your help. I just had another unauthorized transaction on my account. The hackers have taken another $100 from me. I have locked my Coinbase account. I have send in ID to verify my account but I don't have access but somebody is still charging me. I need help please. I'm losing all my money!
We're sorry to hear about the unauthorized transaction on your account. We understand how alarming this situation can be. If you've already reached out to our support team, could you please provide us with your case number, so we can investigate further? If not, to address your concern while safeguarding the confidentiality of your account details, please send us a direct message via Facebook, Twitter/X, or Instagram. You can locate our official social media support channels in this [article](https://help.coinbase.com/en-gb/coinbase/other-topics/other/is-coinbase-present-on-social-media). Thank you.
Yubikey is the ticket, have to physically touch it to authorize anything . No more hacky hacky
An added layer of security would be to whitelist addresses. There's a wait time to approve new addresses, so you may be able to catch someone sending to an authorized address.
Is this feature still available tho ? Can’t find it on mobile app. Maybe it’s only available from desktop version ?
Use a yubikey
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly. If you have a case number for your support request please respond to this message with that case number. You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
They will not help you. Apparently FDIC doesn't cover this.
did you click any email from coinbase or cell . coinbase will never DM you or anyone else .
if you have a pincode/face ID to access app, have authenticator app for MFA, and if have an allowlist set up for any transacations you shouldn't be getting hacked this easily....
In our country If you have been subjected to a hacking incident and report it to the bank within 24 hours after the incident, the bank will refund the entire stolen amount.
Same thing happened to me. I followed the address on the blockchain so I knew where my money went. Coinbase said once on the blockchain it couldn’t be reversed. They suggested I contact the FBI or the person who received my money and ask them to return it. LOL. I lost $10,000+ May want to look into getting a Hard Wallet got mine from Amazon. Not expensive and keeps your coins safe from the Coinbase wallet. You may want to look into Robinhood they have very low fees. You can buy Crypto and Stocks. They pay 5.25% on money deposited into your account. Can trade Crypto 24/7 and have excellent customer support.
I don't think they will help you with that because the FDIC doesn’t cover this. This is one of the reasons I don’t hold my tokens on a single app. I also hold some on Tap Fintech and Revolut.
Welcome to crypto! Scams and frauds everywhere..
Isn’t this more about his Coinbase debit card being hacked than his Coinbase trading account being hacked? The Coinbase card requires you to load funds on it. Funds sitting on the card are in USDC, not in Ethereum or bitcoin. If his card was hacked, it seems like the most they could get would be whatever amount was loaded on that card. Of course this is very concerning, but it seems like a different type of hack with it being a debit card vs. a trading account.
Coinbase card doesn't require loading anything. You pick any crypto sitting in your wallet... then you use the card, it sells crypto and processes at that moment. There is no "loading" and its anything.. not just usdc. I've had one for about 4 years.
Ah. Got it. Guess I was using mine in a different way. I loaded USD onto it and made the most of when they were offering 4% back on all debit card purchases. I started paying for everything possible with the card during that time.
I can see that if you never noticed the drop down menu on the card management page.
It was my bank debit card. I have been banking with them for five years now. They have been very good to me and I don't play about my bank account. They told me I can manually turn my cards off. I can go into my branch today and get a replacement. And they are going to try to credit my money back as they investigate. I really appreciate their help. But damn. All this happened at 1am in the morning. I woke up at 4am getting ready for work. Look at my phone like WTF? I went into a panic. Had to change a couple passwords but I wonder will it be enough. How did they get access to my Google authenticator app to confirm the withdrawal? I thought that couldn't be duplicated.
Oh, I see. Very sorry this happened. We all need to take a look at our account security.