6000 coinbase clients hacked - page 4.

Slow death

legendary

Activity: 3164

Merit: 1127

Leading Crypto Sports Betting & Casino Platform

Quote from: oktana on October 02, 2021, 06:23:07 PM

No matter how safe they tell you their exchange is, do not store your assets there! At least not for long. No matter how protected they claim to be, as long as there are much users on that exchange, they will forever be a target; hackers will keep on trying what they can. Meanwhile, you're not placing a bet with your money if they can hack it or not. So, for your mind to be at peace and for optimum safety of your money, use a decentralized wallet to store your crypto assets.

how will people do day trade if they don't leave the asset on the exchange? doing withdrawals every day has a high cost because you imagine that the person withdraw the coin and at the same time the price is falling, indicating a good chance of buying? It is the exchange's responsibility to have good security and pay customers when the exchange is stolen. this is a risk that everyone who day trades will have to take

aoluain

legendary

Activity: 2436

Merit: 1362

Its really important to realise that exchanges are for exchanging FIAT/Crypto, not for
long term storage of either.

Dont use gmail and change up your passwords regularly, dont have google conveniently
remember your passwords for you, these should be a very minimum. The trouble here seems
to be the SMS verification functionality.

The trouble with KYC and AML is obviously we trust exchanges with our personal
information.

Very informative thread and info from DaveF, NeuroticFish and o_e_l_e_o

passwordnow

hero member

Activity: 3136

Merit: 591

Leading Crypto Sports Betting & Casino Platform

Quote from: 24Kt on October 02, 2021, 04:22:37 PM

Quote from: passwordnow on October 02, 2021, 03:45:47 PM

Quote from: verita1 on October 02, 2021, 03:38:32 PM

It is strange that this news has spread so far.

Not that strange, these media are showing past incidents for a sure agenda and that's to give fear to the people that are new to this.

Quote from: verita1 on October 02, 2021, 03:38:32 PM

We still need to improve security on these exchange sites that are necessary for users.

They are the ones that have to improve security and I think that they're doing that but it's just that they have to continually do that. Because these hackers are also improving and finding every possible loophole from their systems.

Well, the good thing here is Coinbase refunded the lost amounts to its affected customers. Now, those customers who knew that their respective credentials are compromised should change their passwords or secure those info related to this hack. This also proves once again, that storing funds in exchange is not a very smart idea to do. Even top exchanges with high security as they say, can be penetrated by these hackers. Hacking softwares are getting sophisticated and so they need to upgrade their security level also.

Never been a good idea to store your funds into an exchange whether it would be Binance, Coinbase or any another known exchange. These people who kept on doing probably have learnt it when they're affected on it. Not just all about the funds but as well as the information that they've sent to it. Every hack that happens it only shows that they have vulnerability, Coinbase is rich and they'll upgrade for sure and increase their security to avoid this to happen again.

Artemis3

legendary

Activity: 2030

Merit: 1569

CLEAN non GPL infringing code made in Rust lang

Well you know the saying... Not your keys, not your money.

"Where to invest safely"? Easy, buy bitcoin, send them to your cold wallet, done.

A "cold" wallet is just a piece of paper with a bunch of words written by your own hands. If you are surprised of this, you need to learn more.

Anything online is at risk. A cold wallet is offline, you can only send money to it, nothing else. Until the day you need to spend some of it, then you temporarily (and securely) restore it to move a small sum out of it to a normal "hot" wallet.

When they said you are now your own bank they weren't kidding. Give your money to others, and you risk getting it stolen.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: NeuroticFish on October 03, 2021, 01:16:22 PM

However, if it would have gone on this path, I'd expect some of other exchanges' customers have the same problem - at least those with no 2FA set.

They do, just not all at the same time like this, since this attack involved both a leak of data and a security exploit in Coinbase's SMS systems. Exchange accounts get hacked all the time, especially if they are using no 2FA or weak 2FA like SMS.

Quote from: NeuroticFish on October 03, 2021, 01:16:22 PM

Some still keep an awfully lot of useless mails and sensitive data in their mailboxes, but scanning so many mailboxes to find out whether they're Coinbase customers or not may not be a small job (of course, it can be automated for some of the servers).

It would be pretty trivial to write a bot which would log in to every Gmail account (for example) you had credentials for and then run some quick searches for "Coinbase", "Binance", "Bitfinex", etc. Also, the email and password leaks could have come from a crypto related service. If some faucet, ICO, bounty, etc., leaks or sells a database of 10,000 users, then you can be certain that the vast majority of them will have an exchange account, and knowing the kind of users who sign up for bounties and airdrops, probably a far higher than average percentage of them reuse the same password across all their accounts.

Fortify

legendary

Activity: 2688

Merit: 1192

Quote from: BTCtester.com on October 02, 2021, 01:20:17 PM

Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

Keeping your money on an exchange certainly does make you an easier target, but some people simply do not have the ability to store their cryptocurrency safely in any other way. They might not have access to safe storage along with a personal PC, but want to purchase and hold it. In theory an exchange can be much safer than a private PC which could be vulnerable to viruses or even hardware failure - this sort of redundancy will be built into the biggest exchanges who can have vast security teams covering many different aspects. While it is devastating for the 6,000 affected individuals, the fact that it is not a complete loss of millions of accounts and is fairly concentrated to the low thousands is somewhat commendable.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: o_e_l_e_o on October 03, 2021, 01:56:08 AM

We already know Coinbase sell user data to third parties, but I think this is unlikely. Selling a name and associated bitcoin addresses is one thing; selling passwords is another.

No. Coinbase itself won't sell passwords. But there's a chance an employee (or ex employee) could have done that.

Quote from: o_e_l_e_o on October 03, 2021, 01:56:08 AM

Database hacks and leaks from other companies. https://haveibeenpwned.com/Passwords has 600 million accounts and passwords in their database. Too many people use the same password across multiple (or even all!) accounts.

Wow, I didn't know the number became that big.
However, if it would have gone on this path, I'd expect some of other exchanges' customers have the same problem - at least those with no 2FA set.
Of course, we can only speculate on where the hacker got from the e-mail passwords. Some still keep an awfully lot of useless mails and sensitive data in their mailboxes, but scanning so many mailboxes to find out whether they're Coinbase customers or not may not be a small job (of course, it can be automated for some of the servers).

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: NeuroticFish on October 02, 2021, 02:27:34 PM

Either somebody from inside has sold users' data to a malicious 3rd party

We already know Coinbase sell user data to third parties, but I think this is unlikely. Selling a name and associated bitcoin addresses is one thing; selling passwords is another.

Quote from: DaveF on October 02, 2021, 03:49:13 PM

So, if I got access to your gmail account (picking on them I am sure there are others that have linked email and phone numbers) and you had your SMS access /recovery phone number set to the google voice number that was linked to that account. Well, it's all over for you.

This of course makes it incredibly easy, but even just access to your email account is enough even if your SMS is linked to your phone. If I get in to your email account - somewhere in your inbox or your outbox I'll probably be able to find your phone number, your address, your date of birth. Maybe you've got some electronic bank statements, rental agreements, car finance, etc., where I can get even more info about you, like your SSN. That's probably enough info for me to convince your carrier that I am you and transfer your phone number to my device and start receiving all your SMS messages.

Quote from: NeuroticFish on October 02, 2021, 04:28:49 PM

I agree 100% on this. But where would the hacker get from 6k email addresses and their passwords too?

Database hacks and leaks from other companies. https://haveibeenpwned.com/Passwords has 600 million accounts and passwords in their database. Too many people use the same password across multiple (or even all!) accounts.

rikybrosh

full member

Activity: 477

Merit: 100

I think coinbase need more smarter people, if counbase is under government supervision then coin base should take responsibility. This is a very bad news, image of cryptocurrency can be negative among other people. I hope those hackers stop do criminal act. I think their skill can be used for many positive things rather than do crime. But I still like to use cryptocurrency, I think it is safer to save money, if we bring a lot of money in the street without good security then we might be get robbed.

dupee419

sr. member

Activity: 1344

Merit: 261

Quote from: NeuroticFish on October 02, 2021, 02:27:34 PM

Some points before people starts panicking:

Quote from: https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

The hack took place between March and May 20 of this year

Quote from: https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails

Although obviously Coinbase said that there's no evidence that the users' data comes from them, it looks too much like it. Either somebody from inside has sold users' data to a malicious 3rd party, either Coinbase user database was hacked and they didn't notice. Of course, from there to actually accessing users' e-mails there's still some work to do.

The warning, however, is the same as always: don't keep at centralized exchanges too much money and for too long. Not your keys, not your coins.

I heavily use Coinbase, since their user interface and features are actually great, although I still have worries of having my account getting hacked, I'm actually glad that my Coinbase account did not get breached. It could either be a breach under Coinbase's DB and since they were able to breach through their 2FA feature, anyway, I think I'll consider switching wallets or at least not let my holdings stay here for a long period of time.

Poker Player

legendary

Activity: 1372

Merit: 2017

I wonder why there are so many cases of hacks in cryptocurrencies compared to banks. Coinbase moves considerable amounts of money to be able to spend significant amounts on security. If it was what DaveF says about SMS, it seems silly but Coinbase should not have hacks for stupid things like this.

I guess hackers put more effort into trying to hack cryptocurrencies because if they manage to steal them they can transfer them unhindered by anyone and making you lose track of them very quickly.

TravelMug

hero member

Activity: 2632

Merit: 833

Quote from: FinneysTrueVision on October 02, 2021, 08:47:24 PM

SMS based authentication has been known to be vulnerable for some time. I do not understand why this is still an option on Coinbase. We have already seen hundreds of thousands, if not millions, of dollars stolen from customers' accounts through SIM swapping attacks. They should have done more to protect their customers and I hope that they will cover these losses for the victims who were hacked.

They are going to compensate the 6000 victims, however, Coinbase didn't disclosed how much money was hacked due to their faulty SMS security feature.

And then they didn't disclosed this to the public directly, their reason is that they don't want to pre-empt the investigation.

But I do agree that they should upgrade their security features and us using safe practice to protect our accounts.

FinneysTrueVision

sr. member

Activity: 1680

Merit: 379

Top Crypto Casino

SMS based authentication has been known to be vulnerable for some time. I do not understand why this is still an option on Coinbase. We have already seen hundreds of thousands, if not millions, of dollars stolen from customers' accounts through SIM swapping attacks. They should have done more to protect their customers and I hope that they will cover these losses for the victims who were hacked.

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

Quote from: DaveF on October 02, 2021, 04:18:32 PM

SMS is not AND NEVER WILL BE SECURE.
And adding
Using a SMS to email or other gateway is even less secure then totally not secure. Is there such a thing as anti-secure?

-Dave

yubikey. nothing moves in or out of coinbase without it. problem solved.

https://www.yubico.com/works-with-yubikey/catalog/coinbase/

https://www.yubico.com/works-with-yubikey/catalog/google-accounts/

gmail and coinbase both secured by a physical key only you have.

edit: not affiliated with yubikey in any way.. it just works

Vaskiy

legendary

Activity: 2646

Merit: 1106

DGbet.fun - Crypto Sportsbook

When we think of securing our cryptocurrencies on central exchanges we need to go through the features available and its previous history of hacks. I'm not completely against central exchanges, because when you're into central exchange you'll get the best support than Dex. Another thing these central exchanges takes responsibility of the users holdings. During the previous hack with Binance, it settled all its users from its own reserve fund to have its reputation.

Blawpaw

legendary

Activity: 1596

Merit: 1027

Quote from: BTCtester.com on October 02, 2021, 01:20:17 PM

Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

Back 2 MTGox Syndrome. Everyone knows Central Exchanges are not secure. If it is not for security flaws it will always be human hands. Hackers will also be at the exchanges tails to try and get their way so it's up to companies like Coinbase to better pick their employees and invest in cutting edge security technology to stay one step ahead.

Kusman

member

Activity: 756

Merit: 17

This is really unfortunate news that I came across today too. When it comes to cryptocurrency exchanges, they can't give you any guarantee that they will have zero security flaw in their system. There will always be a hole waiting for the hackers to find out. If they are successful, then they will be able to access people's data and assets. Or maybe an employee that works at that company will give the sensitive information of people to hackers in exchange for a lot of money etc.. People should always act carefully because of this.

oktana

sr. member

Activity: 1680

Merit: 288

Eloncoin.org - Mars, here we come!

No matter how safe they tell you their exchange is, do not store your assets there! At least not for long. No matter how protected they claim to be, as long as there are much users on that exchange, they will forever be a target; hackers will keep on trying what they can. Meanwhile, you're not placing a bet with your money if they can hack it or not. So, for your mind to be at peace and for optimum safety of your money, use a decentralized wallet to store your crypto assets.

flip4flop

full member

Activity: 378

Merit: 135

One of the main reason I do not like leaving any of my coins on an exchange. It is harder to get away from now for many people who are using the exchanges to store coins more often now with all the interest-earning and staking offers but the risk level makes me very uncomfortable.

ene1980

hero member

Activity: 2002

Merit: 535

Quote from: BTCtester.com on October 02, 2021, 01:20:17 PM

Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

Coinbase is a registered exchange and i believe they are insured and i do not think the end users will be loosing their coins. No one in the right sense would hold their assets in centralized exchanges or wallet as they are always prone to attack and if they are not taking care of their security seriously or incompetent to handle the security the end user will suffer. Sad to hear about another major hack yet again.

Topic: 6000 coinbase clients hacked - page 4. (Read 789 times)