Author

Topic: 6000 coinbase clients hacked (Read 792 times)

legendary
Activity: 1596
Merit: 1027
October 19, 2021, 10:19:08 PM
#91
I am one of the guys who got crooked when Cryptopia went down. To this day I'm waiting for the Claims for the heist to be sorted but it seems that is halted and I probably won't see any compensation back for the lost funds. I wonder if the guys who got hacked at Coinbase will ever have the option to claim their losses...
legendary
Activity: 2338
Merit: 1084
zknodes.org
October 19, 2021, 11:29:30 AM
#90
This is what we always worry about, even though we have completed all security requirements when on exchanges but because of data theft from various sources then all security systems are useless, this is what makes decentralized exchanges more attractive and I prefer to use Pancake swaps if I want to buy or sell coin.
Everything can't be done on pancakeswap, pancakeswap is only a decentralized exchange that allows you to trade cryptocurrencies and tokens without a centralized intermediary. Conbase and several other major exchanges such as Binance have features and advantages that will make crypto transactions easier. The security used is also getting updated and getting more secure. Security is not a guarantee that it will continue to be safe, but at least the big exchanges are safer and more trustworthy for our personal identities.
sr. member
Activity: 1792
Merit: 255
October 17, 2021, 09:53:34 AM
#89
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

This is what we always worry about, even though we have completed all security requirements when on exchanges but because of data theft from various sources then all security systems are useless, this is what makes decentralized exchanges more attractive and I prefer to use Pancake swaps if I want to buy or sell coin.
sr. member
Activity: 1218
Merit: 254
Trphy.io
October 17, 2021, 09:23:36 AM
#88
This is what the users are worried about. We do not know what happened . It is feared that people from inside may misuse the data or sell user data for their own benefit. However, Coinbase stated that it was not the result of the data that was obtained not from them. .we have to be careful about this .
sr. member
Activity: 1624
Merit: 339
https://duelbits.com/
October 17, 2021, 08:25:31 AM
#87
This is a very large hack and this is all due to their personal data spread to third parties, and this is also a result of the weak security owned by coinbase and they will lose many users, let alone some say this is all due to negligence on the part of coinbase, hackers with difficulty obtaining user data then we have to be careful in using the central exchange because the risk is very large, and also the storage of personal data must always be at a high level of security,
hero member
Activity: 1666
Merit: 709
Playbet.io - Crypto Casino and Sportsbook
October 17, 2021, 08:03:12 AM
#86
Big error on the side of coinbase, really. Nowadays, hacking shouldn't be easy so the first thing that comes to mind when personal information about users get leaked out is that it may have been more of an inside job than a hacking incident. But of course, hacking cannot he singled out since nothing is impossible, may be difficult but not impossible. Whatever the case, the blame lies on coinbase still for not being able to protect the safety of the funds of their users. Google auth should've been required. And users should be wary too. If they are gon go and trade, then take it out after. Be it spot or futures.
I think it's a blame for both coinbase and those of it's users who still haven't learnt how insensitivity and exposed they are by leaving their funds in exchanges. I haven't read coinbase terms and conditions or disclaimer but with the numerous hacks on big exchanges like them selves then they should be a warning to clients leaving their huge funds in the exchange, the warning should be made to clients at the point of their registration. We have to stamp hacking out, it's impossible though but if it can be avoided, and loss reduced.
sr. member
Activity: 882
Merit: 403
October 12, 2021, 08:21:40 AM
#85
Big error on the side of coinbase, really. Nowadays, hacking shouldn't be easy so the first thing that comes to mind when personal information about users get leaked out is that it may have been more of an inside job than a hacking incident. But of course, hacking cannot he singled out since nothing is impossible, may be difficult but not impossible. Whatever the case, the blame lies on coinbase still for not being able to protect the safety of the funds of their users. Google auth should've been required. And users should be wary too. If they are gon go and trade, then take it out after. Be it spot or futures.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
October 12, 2021, 07:43:53 AM
#84
So since this happened what has Coinbase done about the users that were affected? Because 6000 is not a small number so I know that it’s going to be difficult for Coinbase to do something about this, unless maybe with time they might be able to settle all this users for the losses that they have been through on their platform. Making use of centralized platforms has always been a huge risk in the sense that when these centralized platforms gets hacked by any group of hackers they have access immediately to the user's database.

They gave them their money back.
And 6000 although it is a big number out of the millions of customers it is a very small percentage.

If you read the other articles online about it and the discussions about it, it looks like they were not hacked, but rather had an insecure setup on the 2FA that allowed the criminals to change the password of coinbase customers with just access to the customers email address. So they did not even need access to the coinbase systems.

Now, not saying that it's not a lapse in conbases procedures, but if you leave your wallet on the counter at the coffee shop and walk away and someone takes your cash.
The proper statement is not "I was robbed" it's more along the lines of "I had money stolen because I was not paying attention"

https://bitcointalksearch.org/topic/m.58083904 has what I thought happened, security people are saying that is was a bit different then that from the technical side but more or less what happened.

SMS is not and never was safe as a 2FA: https://bitcointalksearch.org/topic/for-all-of-you-that-still-think-sms-for-2fa-for-wallets-is-or-was-safe-5363971

-Dave
hero member
Activity: 2814
Merit: 526
Undeads.com - P2E Runner Game
October 12, 2021, 07:35:25 AM
#83
This is why I left coinbase few years ago. I'm pretty sure coinbase has been experienced similar issues continuously in past few years and for what I am experienced when I was using coinbase I would say the support is pretty bad in my opinion when I was using web wallet back in that day.

Quote
Unauthorized third parties exploited a flaw in the company's SMS account recovery process to gain access to the accounts, and transfer funds to crypto wallets not associated with Coinbase, the company said.
From what I just read on the news that OP posted, I do feel like they need to make better security because if we are talking about web wallet so security is the first factor you have to think first because your funds are vulnerable once your funds touch that type of wallet.
sr. member
Activity: 1701
Merit: 308
October 12, 2021, 07:23:44 AM
#82
In this case the extra vigilance that we have to do for the security of our assets, in the digital world there is always the sale of personal data misused by irresponsible parties and they are always looking for ways to get what they want even if the way they use is not right, and the security system applied to a device there is always a weakness and trust from the second party is also very important as it is with koinbase about the accuser. When we sell data to third parties, so in this case we are always careful with the personal data we have.
member
Activity: 139
Merit: 10
October 12, 2021, 02:37:41 AM
#81
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
I don't believe the safety guarantee on all exchanges is 100% even if they tell you how secure the exchange is, don't keep your assets there. Well, at least once not for long. Regardless of how protected they claim to be? As long as there are many users on that exchange, they will forever be the target of hackers, who will continue to try to do what they can to steal all assets from users and a security without No exchanges are now 100% guaranteed, trust me, Coinbase is no exception. The best thing is that the exchange from Coinbase they will have a good measure that is to refund the money that the user has stolen.
sr. member
Activity: 2660
Merit: 339
October 08, 2021, 04:21:26 PM
#80
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
So since this happened what has Coinbase done about the users that were affected? Because 6000 is not a small number so I know that it’s going to be difficult for Coinbase to do something about this, unless maybe with time they might be able to settle all this users for the losses that they have been through on their platform. Making use of centralized platforms has always been a huge risk in the sense that when these centralized platforms gets hacked by any group of hackers they have access immediately to the user's database.

And just like you have said a bad employee in the company can be stealing information and selling it to bad people who might decide to hack with whatever information that belongs to the users. So it’s very best that people learn to secure their assets and make sure they’re using the best practices.
hero member
Activity: 2338
Merit: 757
October 07, 2021, 12:30:53 PM
#79
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
even how hard or strict a exchange is but if there is corruption on going surely cases like this will continues to happen.

This is same reason that it is really hard to trust sites that asks KYC because it will always be the target of criminals.


People from some countries are not allowed to use decentralised non-regulated exchanges. Most of them are forced to use exchanges regulated by law, take the example of China or USA. Even major exchanges set in their TOS to not accept registrants from those countries for legal issues.
The point here is not to use centralised exchanges at all, especially as they are rgulated, but to not use those exchanges for big money long term holds. Always remember the rule 'Not your keys, Not your coins'
member
Activity: 1162
Merit: 58
October 06, 2021, 11:08:46 PM
#78
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
even how hard or strict a exchange is but if there is corruption on going surely cases like this will continues to happen.

This is same reason that it is really hard to trust sites that asks KYC because it will always be the target of criminals.
legendary
Activity: 3346
Merit: 1352
Leading Crypto Sports Betting & Casino Platform
October 06, 2021, 10:55:41 PM
#77
On one hand the government is cracking down really hard on any exchange with relaxed KYC norms. And on the other hand, there is a significant increase in incidents of hacking, and theft of documents that are being used for KYC. For me, this is a big concern. I had signed up for multiple centralized exchanges in the past and on many occasions I had to send the scanned copies of identity documents in order to complete the KYC formalities. If these documents end up with the wrong people, then it may create trouble for me.
sr. member
Activity: 1694
Merit: 299
October 06, 2021, 10:51:35 PM
#76
Yet another reason why KYC is a bad thing. Damn, I wish I didn’t sign up to so many exchanges in the past. Obviously leaving a significant amount of bitcoin on an exchange is a bad idea but we shouldn’t have to worry about our personal details being stolen.
It's not the fault of KYC, it's the fault of the company that should be the one that's protecting their stuff from this hackers, they do know that they're at fault here but the problem is that they're too stingy to do an action to solve the problem.
Surely it's not fault of KYC, and it's all about company but just because of this hack nearly 6000 persons now feeling bad about their documents it's a big issue for them. Hacks and Bitcoin are going side by side it's almost one decade, sadly companies fail to do something about this as well.

We have some holes every time which helping hackers for doing their own trick and stole their data and assets with success in few cases employee's from company give sensitive data to peoples for money and this all happen because hacking software are getting sophisticated just because of this exchanges need to upgrade their security level because now adoption is spreading and too many peoples are involved in this all, and they want some better security from exchanges.
sr. member
Activity: 1400
Merit: 283
October 06, 2021, 06:59:27 PM
#75
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
Well to be honest using centralized exchanges and keeping some huge amount of your investment on it is a stupid idea, and any traders should be knowing that high funds are always at risk and his data is exposed if he is using an online, and to honest hacks are bound to happen one way or another and they are always done by some form of human error and there will always be some loophole in the security that somonesomwhere in the world will use it, so it is better to have control over your own funds rather keeping it in the hands of others.
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
October 06, 2021, 06:44:43 PM
#74
Quote
The question is.... Why has this been swept under the carpet for months?
It  wasn't. They notified folks whose accounts were compromised and dealt with it. The only new thing is that Reuters decided to (again) make it 'news'. Must be a slow week for them?

or probably just a futile attempt at FUD?
Fud or just tending to make out some issues just to make out some attention in the market but i dont really believe that they had been making things just because they arent making that much? I dont think so.

Hacks could happen whether inside job or totally external attacks because we know that in reality that nothing is unhackable on this world so expect the unexpected.

Thing here is that these platforms/services would able to handle these things up.
member
Activity: 1092
Merit: 67
October 06, 2021, 06:29:40 PM
#73
Yet another reason why KYC is a bad thing. Damn, I wish I didn’t sign up to so many exchanges in the past. Obviously leaving a significant amount of bitcoin on an exchange is a bad idea but we shouldn’t have to worry about our personal details being stolen.

You hit the nail.

Isn't about how risky or how secure the exchange is, the problem is that people use them as wallets. And that's a really big mistake. People should only depo and withdraw when they want to trade, but never hold the coins in the exchange, because if something goes wrong then they will lose all their cryptos.

Even how many times have we read about this advise and yet, a lot of crypto users are still storing their funds in exchanges. And if in case you will store for a time in exchanges, make sure the exchange some sort of insurance that you can get your money back if anything happens. Just like what binance has, they have safu, which is like an emergency insurance for their users.
legendary
Activity: 3346
Merit: 3125
October 06, 2021, 10:00:54 AM
#72
Yet another reason why KYC is a bad thing. Damn, I wish I didn’t sign up to so many exchanges in the past. Obviously leaving a significant amount of bitcoin on an exchange is a bad idea but we shouldn’t have to worry about our personal details being stolen.

You hit the nail.

Isn't about how risky or how secure the exchange is, the problem is that people use them as wallets. And that's a really big mistake. People should only depo and withdraw when they want to trade, but never hold the coins in the exchange, because if something goes wrong then they will lose all their cryptos.
full member
Activity: 1820
Merit: 107
October 06, 2021, 09:46:51 AM
#71
It always happens and we have nothing to do about it, Hacking in the crypto industry just becomes normal nowadays, this is clear evidence that no platform is hundred percent safe all are subjected to vulnerabilities and we the users must accept it as a part of the risk while using it, many huge and famous platform such as Binance, Bithumb and now Coinbase has become a victim of this unexpected event recently the question is what platform will be the next victim? just asking.   
sr. member
Activity: 2422
Merit: 267
Hire Bitcointalk Camp. Manager @ r7promotions.com
October 05, 2021, 04:25:32 PM
#70
I can't count how many different clients I meet and work with on a daily basis who ask me about bitcoin and other cryptocurrencies and when they tell me that they've bought some already, and then I ask them where they currently keep it..it's always on an exchange.  Trezor should start to give me some sort of bonus for referring so many people to them.
there are still many who believe that what is put on the exchange is easier so that what will be done later does not have to do several transactions. In fact, most of them believe because of the habit and convenience that is obtained and they also believe that there will be a replacement, although in the end it may not be guaranteed.

saving on Trezor is certainly better and if you educate all those involved in crypto about the importance of storing on Trezor devices, obviously you should get attention from Trezor like a Bonus, because the education you do is going well, so everything starts a lot switch to Trezor instead of being kept on the exchange.
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
October 05, 2021, 08:41:55 AM
#69
Whether or not it was an inside job but this incident proves how dangerous it is to store high amount of coins on exchanges.
Imagine what would have happened if an employee of Binance sold it's users data to an external party.
This is why we it is always recommended to store your crypto savings to non-custodial wallets and keep only a minimum amount of coins on exchanges.
Sadly, people don't take this point seriously until they become a victim of such incidents.
legendary
Activity: 2282
Merit: 3014
October 05, 2021, 08:23:06 AM
#68
I can't count how many different clients I meet and work with on a daily basis who ask me about bitcoin and other cryptocurrencies and when they tell me that they've bought some already, and then I ask them where they currently keep it..it's always on an exchange.  Trezor should start to give me some sort of bonus for referring so many people to them.
hero member
Activity: 2268
Merit: 588
You own the pen
October 05, 2021, 06:55:08 AM
#67
We become more vulnerable to hackers knowingly or unknowingly because they learn from constant experiences and regular practice. To not fall prey of vipers like this extra caution should always be taken. Imagine one using same password for all the email accounts he has, and all the accounts he has online. When one account is attacked, the rest gets vulnerable.


Every year hacking on exchanges such as this one always occurred because the hackers are also updating their skills and sometimes they find some way to hack some vulnerable centralized exchanges. That's why it has become obligatory for us if we are holding big amounts of bitcoins that we need to store in our hard wallet so that we are the only ones who can access it. Because when the hackers successfully send it out from the exchange, it's almost impossible to recover it.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
October 05, 2021, 06:18:59 AM
#66
Yet another reason why KYC is a bad thing. Damn, I wish I didn’t sign up to so many exchanges in the past. Obviously leaving a significant amount of bitcoin on an exchange is a bad idea but we shouldn’t have to worry about our personal details being stolen.
A lot of us made that mistake back then. We really can't help what happened in the past now but to try and make amends for the future, going forward.

Because Coinbase did not tell anybody about it till now. If Coinbase did not make a statement or let anybody know, then nobody can report on it.
On a side note 6000 customers out of the 68,000,000 that they have is also a very small amount. So although an interesting story, it's not like most of they clients had any issues.

-Dave
legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
October 05, 2021, 01:04:58 AM
#65
Yet another reason why KYC is a bad thing. Damn, I wish I didn’t sign up to so many exchanges in the past. Obviously leaving a significant amount of bitcoin on an exchange is a bad idea but we shouldn’t have to worry about our personal details being stolen.
A lot of us made that mistake back then. We really can't help what happened in the past now but to try and make amends for the future, going forward.
legendary
Activity: 3766
Merit: 1217
October 05, 2021, 12:20:07 AM
#64
Yet another reason why KYC is a bad thing. Damn, I wish I didn’t sign up to so many exchanges in the past. Obviously leaving a significant amount of bitcoin on an exchange is a bad idea but we shouldn’t have to worry about our personal details being stolen.

LOL.. Imagine my case. Back in 2014 and 2015, I signed up for at least a dozen cryptocurrency exchanges (half of them are no longer in operation). These exchanges are based in different countries, such as South Korea, Japan, Slovenia and the United States. Back then, I never thought that sending in a scanned copy of the national ID card and the passport would be such a bad idea. Fortunately my passport expired recently and I had to renew it. But I am still concerned about the copy of the national ID card. Criminals can still misuse it.
legendary
Activity: 3304
Merit: 1617
#1 VIP Crypto Casino
October 04, 2021, 02:20:12 PM
#63
Yet another reason why KYC is a bad thing. Damn, I wish I didn’t sign up to so many exchanges in the past. Obviously leaving a significant amount of bitcoin on an exchange is a bad idea but we shouldn’t have to worry about our personal details being stolen.
hero member
Activity: 2212
Merit: 805
Top Crypto Casino
October 04, 2021, 02:17:53 PM
#62
Well, for all intent and purpose... Coinbase has acted like a Bank for a long time.. and Banks get robbed. They also have a long history and reputation for shitty customer support, so I will not put it past them.. that one of the people from the inside.. leaked the data.

The question is.... Why has this been swept under the carpet for months? They obviously did not want the bad publicity and/or it was a inside job and they covered their a$$es.  Roll Eyes

My guess is that they didn't want the bad publicity because Coinbase stocks were launched around that time so the bad publicity should have done a significant damage to the stock's price. At the end of the day, this just shows that it's always better to take responsibility for the safety of your crypto assets. Putting them in the hands of these centralized exchanges makes it more prone to attacks since these platforms are hosted on centralized servers which can be hacked or tempered with.
sr. member
Activity: 280
Merit: 253
October 04, 2021, 12:46:18 PM
#61
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
Exactly right. You would think after the Mt. Gox hack, the Bitfinex hack, the Binance hack, etc people would learn to stay away from KYC, centralized exchanges, especially considering Satoshi's vision for BTC (see sig).

Here are some decentralized alternatives to centralized exchanges.
legendary
Activity: 3822
Merit: 2703
Evil beware: We have waffles!
October 04, 2021, 12:33:09 PM
#60
Quote
The question is.... Why has this been swept under the carpet for months?
It  wasn't. They notified folks whose accounts were compromised and dealt with it. The only new thing is that Reuters decided to (again) make it 'news'. Must be a slow week for them?
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
October 04, 2021, 12:23:32 PM
#59
Well, for all intent and purpose... Coinbase has acted like a Bank for a long time.. and Banks get robbed. They also have a long history and reputation for shitty customer support, so I will not put it past them.. that one of the people from the inside.. leaked the data.

The question is.... Why has this been swept under the carpet for months? They obviously did not want the bad publicity and/or it was a inside job and they covered their a$$es.  Roll Eyes
sr. member
Activity: 2030
Merit: 356
October 04, 2021, 12:10:45 PM
#58
Some points before people starts panicking:

The hack took place between March and May 20 of this year


Yes, this is not a recent news so why the reuters published it on 2nd of October. I could see it was a failed attempt to create a panic in the market. I understand that coinbase data getting hacked is not a good thing but for me there are some hidden agenda by publishing this news at this time when market is booming.
full member
Activity: 1638
Merit: 122
October 04, 2021, 12:02:01 PM
#57
That's not the first time when we hear some centralized exchange is hacked and it's not going to be the last time to see such news regarding these exchanges. Since the security is never complete there is always a security hole, any website or exchange can be hacked and is the possibility is real. That's why I always keep my assets in my own wallet instead of exchange and usually I suggest my friends do the same thing because not your keys, not your coins.

like the op said , the hackers can sell your info into the other criminals. you may not loose any of your cryptos from the hackers in the centralized exchange your using but you could hand them out easily once the other criminals get inside your house and point deadly weapons at you .  
the best solution is dont use any centralized exchange at all  or if possible supply fake details when using a centralize exchange , some wont require a kyc tho .
hero member
Activity: 1778
Merit: 722
Leading Crypto Sports Betting & Casino Platform
October 04, 2021, 11:43:20 AM
#56
That's not the first time when we hear some centralized exchange is hacked and it's not going to be the last time to see such news regarding these exchanges. Since the security is never complete there is always a security hole, any website or exchange can be hacked and is the possibility is real. That's why I always keep my assets in my own wallet instead of exchange and usually I suggest my friends do the same thing because not your keys, not your coins.
 
hero member
Activity: 1414
Merit: 574
October 04, 2021, 08:14:03 AM
#55
Plus the owner of Coinbase, Brian Armstrong, is truly anti-Bitcoin deep inside of him. He has supported ALL “proposals”, which are actually ATTACKS on Bitcoin, like Bitcoin XT, Bitcoin Unlimited, and he signed the New York Agreement for a hard fork to Segwit2X, another attack on Bitcoin.
When market conditions are starting to recover, it is surprising why there is news like this.  If crypto players are not wise in reading the news then it will be very clickbait to become a bad issue for the market.  Meanwhile, if you read it in its entirety, they accumulate cases of customers who were hacked for several months and have passed.  Equivalent to big exchangers in the US, why is this always repeated, do they not have any risk mitigation and maybe this is just a form of speculative bookies.
full member
Activity: 1834
Merit: 166
October 04, 2021, 08:12:51 AM
#54
The exchanges are already in the custody of your private keys and whenever they want to become a scam they can shut down operations with million dollars scam as we have seen in the past also.The hackers usually push malwares and got access to the users private keys and you all know the funds are then not yours.These types of news are not new exchange are prone to risk of such hacks.
legendary
Activity: 2898
Merit: 1823
October 04, 2021, 07:36:13 AM
#53
Plus the owner of Coinbase, Brian Armstrong, is truly anti-Bitcoin deep inside of him. He has supported ALL “proposals”, which are actually ATTACKS on Bitcoin, like Bitcoin XT, Bitcoin Unlimited, and he signed the New York Agreement for a hard fork to Segwit2X, another attack on Bitcoin.
legendary
Activity: 2576
Merit: 1655
October 04, 2021, 07:11:11 AM
#52
Sad to say that no matter if these centralized exchanges have improved their security system, these hackers are just one step ahead by knowing how to counter that restriction.

Yes, that's how the game is here in crypto, criminals are always one step ahead of the game. It is us that keeps on adjusting, and then hackers will find another loophole, exploit it, going to be cyclical. The only weapon for us is to really learn and educate our selves how to protect our assets.

I do have a Coinbase account but never used it for years and have zero balance as of this time. It would be stressful for me if I am one of those 6000 being victimized by that hack.

Good for you, but for those who have lost their money, Coinbase says that they are going to compensate them, not sure if it's going to be in portion, or just one drop.
full member
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
October 04, 2021, 07:07:00 AM
#51
Thats why i don't want to store my assets into exchange even tough most people call coinbase is the best exchange in the world it still very risky to store our aseets into it. I personally store my asset on MEW, i think MEW is the best platform for us to store our asset.
Who said that Coinbase is the best wallet? Losing to hacks and cyber attacks these past few years isn't really making anyone believe that Coinbase is the best one there is. The best way to store them is through hardware wallets or other offline wallets so you can be assured that your crypto will be secured.
hero member
Activity: 2282
Merit: 659
Looking for gigs
October 04, 2021, 06:57:34 AM
#50
Sad to say that no matter if these centralized exchanges have improved their security system, these hackers are just one step ahead by knowing how to counter that restriction.

I do have a Coinbase account but never used it for years and have zero balance as of this time. It would be stressful for me if I am one of those 6000 being victimized by that hack.
full member
Activity: 1904
Merit: 138
★Bitvest.io★ Play Plinko or Invest!
October 04, 2021, 06:53:45 AM
#49
The vulnerability of e-wallets is often written about, so you need to be prepared. you should think more carefully about the safety of your money.
this is the reason we must all have Ledger or Trezor wallets to keep safe our funds because we cannot trust exchange that big as they are the main target of hackers scammers .
meaning all of us are in the circle of target if we will put our money inside exchange for long term,just use exchange once you need to trade.
then after best to withdraw and keep safe in your wallet that you hold the Keys.

Not a must to have ledger or trezor, but even if you are using electrum, you can already be secure if you know how to secure your keys. Not all crypto users can afford to purchase those hardware wallets. There are other cheaper ways how to avoid possible hacks without purchasing hardware wallets and it has been discussed here in the forum over and over again.
full member
Activity: 2170
Merit: 182
“FRX: Ferocious Alpha”
October 04, 2021, 06:03:39 AM
#48
The vulnerability of e-wallets is often written about, so you need to be prepared. you should think more carefully about the safety of your money.
this is the reason we must all have Ledger or Trezor wallets to keep safe our funds because we cannot trust exchange that big as they are the main target of hackers scammers .
meaning all of us are in the circle of target if we will put our money inside exchange for long term,just use exchange once you need to trade.
then after best to withdraw and keep safe in your wallet that you hold the Keys.
legendary
Activity: 3766
Merit: 1217
October 04, 2021, 05:34:21 AM
#47
coinbase was hacked, it's really a pity, the coinbase must immediately fix any shortcomings, so that in the future something like this doesn't happen again, and doesn't disappoint people who have been loyal to storing in coinbase, even though the coinbase is willing to pay compensation, but the coinbase should immediately fix their shortcomings..

Coinbase was not hacked. The coins they had in cold wallets and hot wallets are all safe. Some of the user accounts were hacked, as the criminals exploited a common vulnerability. And as far as I know, the criminals stole coins from other exchange users as well, but they are yet to confirm this. The hackers made use of the SMS account recovery process that is being used in Coinbase. There are several other exchanges that use the same function. Anyway, most of the customers have regained access to their accounts and Coinbase has issued a statement clarifying that it will reimburse the losses (although I don't think that they have the liability to do so).
hero member
Activity: 1442
Merit: 510
October 04, 2021, 04:38:07 AM
#46
coinbase was hacked, it's really a pity, the coinbase must immediately fix any shortcomings, so that in the future something like this doesn't happen again, and doesn't disappoint people who have been loyal to storing in coinbase, even though the coinbase is willing to pay compensation, but the coinbase should immediately fix their shortcomings..
legendary
Activity: 2730
Merit: 7065
October 04, 2021, 04:32:02 AM
#45
This is scary, I have some considerable amount of my tokens in Binance and I am definitely risking those coins from being atolen because I don't have any hardware wallet and the hardware wallets that store those tokens are so expensive and a lot of the tampered ones are spreading online, being sold to unknowing newbies.
Can't you invest a small part of your "considerable amount" to improve the safety of your digital assets? The cheapest hardware devices sell for $50-$100. That's a one-time payment for the whole life span of that device. When you think about it, if you withdraw Bitcoin twice from an exchange like Binance, you would be asked to pay withdrawal fees of around $50 in total. That's already the value of a Nano S for example.

Don't buy hardware wallets from unofficial sellers online. Purchase them from official websites or affiliated and official resellers. If a reseller is located close to your place of living, you will have an additional advantage of not having to ship the gadget to your home and have the company store your personal data on their servers. 
legendary
Activity: 2898
Merit: 1823
October 04, 2021, 04:28:42 AM
#44
How many years has Coinbase been in the cryptocurrency trading industry, and the exchange still, gets hacked, goes down/offline during periods of high traffic, and continues to list shitcoins, giving them legitimacy. DON’T USE COINBASE.
sr. member
Activity: 1288
Merit: 253
October 04, 2021, 04:27:44 AM
#43
Hackers or hackers are known to exploit flaws in the company's SMS account recovery process to gain access to customer accounts, and transfer funds to crypto wallets not associated with Coinbase, coinbase immediately fixed the flaw and have been working with these customers to regain control of their accounts. and replace their lost money, this should be an example, because coinbase is ready to make up for the loss of its customers..
hero member
Activity: 2604
Merit: 816
🐺Spinarium.com🐺 - iGaming casino
October 04, 2021, 04:26:21 AM
#42
The one thing that we can do to prevent the hacker steal all of our money is not keeping all of the coins in the exchange and it is better to send it to a private wallet that we can control. We can send some amount of money to the exchange just to trade while we still keep the big amount in other wallets so when the exchange getting hack, we still have the other coins and can continue to trade in the other exchange that will be safe from a previous exchange. We are already told that always be careful to keep the balance in the exchanges because there will be a risk.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
October 04, 2021, 04:03:15 AM
#41
Some points before people starts panicking:

The hack took place between March and May 20 of this year
Based on the time/period that it took place, I wonder why they didn't make a "public" announcement about that incident? Roll Eyes

BTW, for those that would like to read the Coinbase letter without having to download the PDF file, you can refer to the following link instead ["Coinbase notification"]: Hackers rob thousands of Coinbase customers using MFA flaw

Did news of the hack appeared just now or is it Reuters recycling old news to try to create FUD or something?
I remember reading a bunch of hack reports in the past few months but looks like this is the first time that they've made it somewhat public:

legendary
Activity: 2268
Merit: 18748
October 04, 2021, 03:34:34 AM
#40
how will people do day trade if they don't leave the asset on the exchange?
If you want to day trade, then that is the risk you have to take. You would hope that most people day trading any significant amount of money are sensible enough not to try to secure their account with something as insecure as SMS, though. The fact that Coinbase even still offers SMS is very poor on their part.

I don't have any hardware wallet and the hardware wallets that store those tokens are so expensive
A Ledger Nano S or a Trezor One both cost around $50 bucks. If you ask in their respective subreddits for a referral code, you can usually get 20% off that. If you wait for Black Friday coming up in at the end of November, then based on previous years you might be able to get up to 50% off. This really isn't a lot of money to spend for financial security, especially if, as you say, you have a "considerable" amount of money on Binance. If it is more than you can afford to lose, then get a hardware wallet.
sr. member
Activity: 1022
Merit: 252
October 04, 2021, 02:21:49 AM
#39
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

The lesson that we could learn from this big exchanges is no guarantee to be safe. People still have mind that popular and big exchange is safe because they have the best security but the reality is, the good hackers are targeting big exchanges instead of mediocore level exchanges.
As an investors we should just sent a few of our balance to trade on exchange wallet if we want to trade and never save balances too much on an exchange because that could be targeted by the hackers
full member
Activity: 924
Merit: 100
October 04, 2021, 02:04:13 AM
#38
Thats why i don't want to store my assets into exchange even tough most people call coinbase is the best exchange in the world it still very risky to store our aseets into it. I personally store my asset on MEW, i think MEW is the best platform for us to store our asset.
member
Activity: 770
Merit: 12
Trphy.io
October 04, 2021, 02:02:10 AM
#37
This is scary, I have some considerable amount of my tokens in Binance and I am definitely risking those coins from being atolen because I don't have any hardware wallet and the hardware wallets that store those tokens are so expensive and a lot of the tampered ones are spreading online, being sold to unknowing newbies.
therefore we can divide it into several baskets, so that at least it can minimize the risk. Hacking is nothing new, but we must be careful ourselves to secure the assets we have. many of them ignore this little thing, and in the end it is very risky
member
Activity: 868
Merit: 63
October 04, 2021, 01:23:46 AM
#36
This is scary, I have some considerable amount of my tokens in Binance and I am definitely risking those coins from being atolen because I don't have any hardware wallet and the hardware wallets that store those tokens are so expensive and a lot of the tampered ones are spreading online, being sold to unknowing newbies.
sr. member
Activity: 2842
Merit: 326
Vave.com - Crypto Casino
October 04, 2021, 01:17:43 AM
#35
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
I absolutely agreed that an insider is directly or indirectly involved in what lead to the hacked wallets of coinbase users, it has become glaring that centralized exchanges can never be reliable and trusted in storing coins, past hacking events related to CEX has proven that reliability of those type of exchanges is very risky, because some of their scrupulous employee who can never to trusted will surely compromised, I think experienced crypto enthusiast knows the implications of hodling their coins in CEX exchanges it's up to every newbie to research on ways of securing their coins too.
legendary
Activity: 3472
Merit: 10611
October 04, 2021, 12:29:31 AM
#34
Another example why using central exchanges is risky.
To be fair using centralized exchanges is inevitable for anyone who wants to either buy bitcoin or trade it and the risk is known to these people. What we warn people about is storing their coins with a third party including but not limited to centralized exchanges.
Until we get better and more popular decentralized exchanges we will continue seeing news like this.
hero member
Activity: 1792
Merit: 536
Leading Crypto Sports Betting & Casino Platform
October 03, 2021, 06:05:46 PM
#33
Some points before people starts panicking:

The hack took place between March and May 20 of this year

The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails

Although obviously Coinbase said that there's no evidence that the users' data comes from them, it looks too much like it. Either somebody from inside has sold users' data to a malicious 3rd party, either Coinbase user database was hacked and they didn't notice. Of course, from there to actually accessing users' e-mails there's still some work to do.

The warning, however, is the same as always: don't keep at centralized exchanges too much money and for too long. Not your keys, not your coins.

It is really sad that people still tend to put their money in centralized exchanges. If it is that big then at least try to put it on your own wallet and then just try put out what you need in case you want to cash out. Do not put your money to exchanges even if they say their security is so tight. You will never know what might happen in the future. You will never know if the exchange you trust suddenly decides to run away with your money.
hero member
Activity: 2002
Merit: 535
October 03, 2021, 05:58:40 PM
#32
~
how will people do day trade if they don't leave the asset on the exchange? doing withdrawals every day has a high cost because you imagine that the person withdraw the coin and at the same time the price is falling, indicating a good chance of buying? It is the exchange's responsibility to have good security and pay customers when the exchange is stolen. this is a risk that everyone who day trades will have to take
It is the responsibility of the exchange to take care of the clients assets and if some of the exchanges prove that they are not capable then as investors and traders you need to move out to other exchanges rather than sticking to them thinking that they would change. Coinbase is a huge company and they are worth billions of dollars if they cannot take care of security then what is the point in trusting them in the long run.
legendary
Activity: 3164
Merit: 1127
Leading Crypto Sports Betting & Casino Platform
October 03, 2021, 05:23:34 PM
#31
No matter how safe they tell you their exchange is, do not store your assets there! At least not for long. No matter how protected they claim to be, as long as there are much users on that exchange, they will forever be a target; hackers will keep on trying what they can. Meanwhile, you're not placing a bet with your money if they can hack it or not. So, for your mind to be at peace and for optimum safety of your money, use a decentralized wallet to store your crypto assets.

how will people do day trade if they don't leave the asset on the exchange? doing withdrawals every day has a high cost because you imagine that the person withdraw the coin and at the same time the price is falling, indicating a good chance of buying? It is the exchange's responsibility to have good security and pay customers when the exchange is stolen. this is a risk that everyone who day trades will have to take
legendary
Activity: 2436
Merit: 1362
October 03, 2021, 03:36:11 PM
#30
Its really important to realise that exchanges are for exchanging FIAT/Crypto, not for
long term storage of either.

Dont use gmail and change up your passwords regularly, dont have google conveniently
remember your passwords for you, these should be a very minimum. The trouble here seems
to be the SMS verification functionality.

The trouble with KYC and AML is obviously we trust exchanges with our personal
information.

Very informative thread and info from DaveF, NeuroticFish and o_e_l_e_o
hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
October 03, 2021, 03:27:52 PM
#29
It is strange that this news has spread so far.
Not that strange, these media are showing past incidents for a sure agenda and that's to give fear to the people that are new to this.

We still need to improve security on these exchange sites that are necessary for users.
They are the ones that have to improve security and I think that they're doing that but it's just that they have to continually do that. Because these hackers are also improving and finding every possible loophole from their systems.

Well, the good thing here is Coinbase refunded the lost amounts to its affected customers. Now, those customers who knew that their respective credentials are compromised should change their passwords or secure those info related to this hack. This also proves once again, that storing funds in exchange is not a very smart idea to do. Even top exchanges with high security as they say, can be penetrated by these hackers. Hacking softwares are getting sophisticated and so they need to upgrade their security level also.
Never been a good idea to store your funds into an exchange whether it would be Binance, Coinbase or any another known exchange. These people who kept on doing probably have learnt it when they're affected on it. Not just all about the funds but as well as the information that they've sent to it. Every hack that happens it only shows that they have vulnerability, Coinbase is rich and they'll upgrade for sure and increase their security to avoid this to happen again.
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
October 03, 2021, 03:06:21 PM
#28
Well you know the saying... Not your keys, not your money.

"Where to invest safely"? Easy, buy bitcoin, send them to your cold wallet, done.

A "cold" wallet is just a piece of paper with a bunch of words written by your own hands. If you are surprised of this, you need to learn more.

Anything online is at risk. A cold wallet is offline, you can only send money to it, nothing else. Until the day you need to spend some of it, then you temporarily (and securely) restore it to move a small sum out of it to a normal "hot" wallet.

When they said you are now your own bank they weren't kidding. Give your money to others, and you risk getting it stolen.
legendary
Activity: 2268
Merit: 18748
October 03, 2021, 02:10:35 PM
#27
However, if it would have gone on this path, I'd expect some of other exchanges' customers have the same problem - at least those with no 2FA set.
They do, just not all at the same time like this, since this attack involved both a leak of data and a security exploit in Coinbase's SMS systems. Exchange accounts get hacked all the time, especially if they are using no 2FA or weak 2FA like SMS.

Some still keep an awfully lot of useless mails and sensitive data in their mailboxes, but scanning so many mailboxes to find out whether they're Coinbase customers or not may not be a small job (of course, it can be automated for some of the servers).
It would be pretty trivial to write a bot which would log in to every Gmail account (for example) you had credentials for and then run some quick searches for "Coinbase", "Binance", "Bitfinex", etc. Also, the email and password leaks could have come from a crypto related service. If some faucet, ICO, bounty, etc., leaks or sells a database of 10,000 users, then you can be certain that the vast majority of them will have an exchange account, and knowing the kind of users who sign up for bounties and airdrops, probably a far higher than average percentage of them reuse the same password across all their accounts.
legendary
Activity: 2688
Merit: 1192
October 03, 2021, 01:43:42 PM
#26
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

Keeping your money on an exchange certainly does make you an easier target, but some people simply do not have the ability to store their cryptocurrency safely in any other way. They might not have access to safe storage along with a personal PC, but want to purchase and hold it. In theory an exchange can be much safer than a private PC which could be vulnerable to viruses or even hardware failure - this sort of redundancy will be built into the biggest exchanges who can have vast security teams covering many different aspects. While it is devastating for the 6,000 affected individuals, the fact that it is not a complete loss of millions of accounts and is fairly concentrated to the low thousands is somewhat commendable.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
October 03, 2021, 01:16:22 PM
#25
We already know Coinbase sell user data to third parties, but I think this is unlikely. Selling a name and associated bitcoin addresses is one thing; selling passwords is another.

No. Coinbase itself won't sell passwords. But there's a chance an employee (or ex employee) could have done that.


Database hacks and leaks from other companies. https://haveibeenpwned.com/Passwords has 600 million accounts and passwords in their database. Too many people use the same password across multiple (or even all!) accounts.

Wow, I didn't know the number became that big.
However, if it would have gone on this path, I'd expect some of other exchanges' customers have the same problem - at least those with no 2FA set.
Of course, we can only speculate on where the hacker got from the e-mail passwords. Some still keep an awfully lot of useless mails and sensitive data in their mailboxes, but scanning so many mailboxes to find out whether they're Coinbase customers or not may not be a small job (of course, it can be automated for some of the servers).
legendary
Activity: 2268
Merit: 18748
October 03, 2021, 01:56:08 AM
#24
Either somebody from inside has sold users' data to a malicious 3rd party
We already know Coinbase sell user data to third parties, but I think this is unlikely. Selling a name and associated bitcoin addresses is one thing; selling passwords is another.

So, if I got access to your gmail account (picking on them I am sure there are others that have linked email and phone numbers) and you had your SMS access /recovery phone number set to the google voice number that was linked to that account. Well, it's all over for you.
This of course makes it incredibly easy, but even just access to your email account is enough even if your SMS is linked to your phone. If I get in to your email account - somewhere in your inbox or your outbox I'll probably be able to find your phone number, your address, your date of birth. Maybe you've got some electronic bank statements, rental agreements, car finance, etc., where I can get even more info about you, like your SSN. That's probably enough info for me to convince your carrier that I am you and transfer your phone number to my device and start receiving all your SMS messages.

I agree 100% on this. But where would the hacker get from 6k email addresses and their passwords too?
Database hacks and leaks from other companies. https://haveibeenpwned.com/Passwords has 600 million accounts and passwords in their database. Too many people use the same password across multiple (or even all!) accounts.
full member
Activity: 477
Merit: 100
October 03, 2021, 12:58:41 AM
#23
I think coinbase need more smarter people, if counbase is under government supervision then coin base should take responsibility. This is a very bad news, image of cryptocurrency can be negative among other people. I hope those hackers stop do criminal act. I think their skill can be used for many positive things rather than do crime. But I still like to use cryptocurrency, I think it is safer to save money, if we bring a lot of money in the street without good security then we might be get robbed.
sr. member
Activity: 1344
Merit: 261
October 03, 2021, 12:38:35 AM
#22
Some points before people starts panicking:

The hack took place between March and May 20 of this year

The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails

Although obviously Coinbase said that there's no evidence that the users' data comes from them, it looks too much like it. Either somebody from inside has sold users' data to a malicious 3rd party, either Coinbase user database was hacked and they didn't notice. Of course, from there to actually accessing users' e-mails there's still some work to do.

The warning, however, is the same as always: don't keep at centralized exchanges too much money and for too long. Not your keys, not your coins.

I heavily use Coinbase, since their user interface and features are actually great, although I still have worries of having my account getting hacked, I'm actually glad that my Coinbase account did not get breached. It could either be a breach under Coinbase's DB and since they were able to breach through their 2FA feature, anyway, I think I'll consider switching wallets or at least not let my holdings stay here for a long period of time.



legendary
Activity: 1372
Merit: 2017
October 02, 2021, 09:44:09 PM
#21
I wonder why there are so many cases of hacks in cryptocurrencies compared to banks. Coinbase moves considerable amounts of money to be able to spend significant amounts on security. If it was what DaveF says about SMS, it seems silly but Coinbase should not have hacks for stupid things like this.

I guess hackers put more effort into trying to hack cryptocurrencies because if they manage to steal them they can transfer them unhindered by anyone and making you lose track of them very quickly.
hero member
Activity: 2632
Merit: 833
October 02, 2021, 09:23:55 PM
#20
SMS based authentication has been known to be vulnerable for some time. I do not understand why this is still an option on Coinbase. We have already seen hundreds of thousands, if not millions, of dollars stolen from customers' accounts through SIM swapping attacks. They should have done more to protect their customers and I hope that they will cover these losses for the victims who were hacked.

They are going to compensate the 6000 victims, however, Coinbase didn't disclosed how much money was hacked due to their faulty SMS security feature.

And then they didn't disclosed this to the public directly, their reason is that they don't want to pre-empt the investigation.

But I do agree that they should upgrade their security features and us using safe practice to protect our accounts.
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
October 02, 2021, 08:47:24 PM
#19
SMS based authentication has been known to be vulnerable for some time. I do not understand why this is still an option on Coinbase. We have already seen hundreds of thousands, if not millions, of dollars stolen from customers' accounts through SIM swapping attacks. They should have done more to protect their customers and I hope that they will cover these losses for the victims who were hacked.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
October 02, 2021, 07:56:40 PM
#18

SMS is not AND NEVER WILL BE SECURE.
And adding
Using a SMS to email or other gateway is even less secure then totally not secure. Is there such a thing as anti-secure?

-Dave

yubikey. nothing moves in or out of coinbase without it. problem solved.

https://www.yubico.com/works-with-yubikey/catalog/coinbase/

https://www.yubico.com/works-with-yubikey/catalog/google-accounts/

gmail and coinbase both secured by a physical key only you have.

edit: not affiliated with yubikey in any way.. it just works
legendary
Activity: 2646
Merit: 1106
DGbet.fun - Crypto Sportsbook
October 02, 2021, 07:10:06 PM
#17
When we think of securing our cryptocurrencies on central exchanges we need to go through the features available and its previous history of hacks. I'm not completely against central exchanges, because when you're into central exchange you'll get the best support than Dex. Another thing these central exchanges takes responsibility of the users holdings. During the previous hack with Binance, it settled all its users from its own reserve fund to have its reputation.
legendary
Activity: 1596
Merit: 1027
October 02, 2021, 06:53:47 PM
#16
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

Back 2 MTGox Syndrome. Everyone knows Central Exchanges are not secure. If it is not for security flaws it will always be human hands. Hackers will also be at the exchanges tails to try and get their way so it's up to companies like Coinbase to better pick their employees and invest in cutting edge security technology to stay one step ahead.  
member
Activity: 756
Merit: 17
October 02, 2021, 06:41:39 PM
#15
This is really unfortunate news that I came across today too. When it comes to cryptocurrency exchanges, they can't give you any guarantee that they will have zero security flaw in their system. There will always be a hole waiting for the hackers to find out. If they are successful, then they will be able to access people's data and assets. Or maybe an employee that works at that company will give the sensitive information of people to hackers in exchange for a lot of money etc.. People should always act carefully because of this.
sr. member
Activity: 1680
Merit: 288
Eloncoin.org - Mars, here we come!
October 02, 2021, 06:23:07 PM
#14
No matter how safe they tell you their exchange is, do not store your assets there! At least not for long. No matter how protected they claim to be, as long as there are much users on that exchange, they will forever be a target; hackers will keep on trying what they can. Meanwhile, you're not placing a bet with your money if they can hack it or not. So, for your mind to be at peace and for optimum safety of your money, use a decentralized wallet to store your crypto assets.
full member
Activity: 378
Merit: 135
October 02, 2021, 05:58:00 PM
#13
One of the main reason I do not like leaving any of my coins on an exchange. It is harder to get away from now for many people who are using the exchanges to store coins more often now with all the interest-earning and staking offers but the risk level makes me very uncomfortable.
hero member
Activity: 2002
Merit: 535
October 02, 2021, 05:17:55 PM
#12
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.
 
Coinbase is a registered exchange and i believe they are insured and i do not think the end users will be loosing their coins. No one in the right sense would hold their assets in centralized exchanges or wallet as they are always prone to attack and if they are not taking care of their security seriously or incompetent to handle the security the end user will suffer. Sad to hear about another major hack yet again.
legendary
Activity: 2534
Merit: 1338
October 02, 2021, 05:05:08 PM
#11
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
Did news of the hack appeared just now or is it Reuters recycling old news to try to create FUD or something? If it is the former then it is interesting that we are only finding about the hack right now, while if it is the latter then I wonder if they want to create FUD and slow down the market that way, anyway we all know what it must be done to avoid something like this, if you have to use exchanges then do so but never leave your coins there as they are too big of a target and hackers are always trying to find a way to get to your coins, so by leaving your coins there you are running the risk of being robbed by the hackers or the exchange itself.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
October 02, 2021, 04:28:49 PM
#10
This is why what @o_e_l_e_o pointed out here is 1000% correct for so many reasons. https://bitcointalksearch.org/topic/m.58083653

SMS is not AND NEVER WILL BE SECURE.
And adding
Using a SMS to email or other gateway is even less secure then totally not secure. Is there such a thing as anti-secure?

I agree 100% on this. But where would the hacker get from 6k email addresses and their passwords too?
Imho they've got them from Coinbase DB.

If they would have tons of hacked accounts, they would have stolen money from many more people (just because many still don't use 2FA).
Of course, Coinbase using SMS for 2FA was a setup asking for a disaster. And I come back to what I wrote: a proper security audit should have revealed that.
member
Activity: 1092
Merit: 67
October 02, 2021, 04:22:37 PM
#9
It is strange that this news has spread so far.
Not that strange, these media are showing past incidents for a sure agenda and that's to give fear to the people that are new to this.

We still need to improve security on these exchange sites that are necessary for users.
They are the ones that have to improve security and I think that they're doing that but it's just that they have to continually do that. Because these hackers are also improving and finding every possible loophole from their systems.

Well, the good thing here is Coinbase refunded the lost amounts to its affected customers. Now, those customers who knew that their respective credentials are compromised should change their passwords or secure those info related to this hack. This also proves once again, that storing funds in exchange is not a very smart idea to do. Even top exchanges with high security as they say, can be penetrated by these hackers. Hacking softwares are getting sophisticated and so they need to upgrade their security level also.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
October 02, 2021, 04:18:32 PM
#8
So, if I got access to your gmail account

I think that this is the most important point. And my logic was that "only" some 6k had the same password at Coinbase as for their email.

The rest... yes, you're right. Coinbase simply didn't care to make it better/proper... or pay for auditing what "Bob in security" did there.

No, what I was saying was that if Bob screwed up, and you had google voice (once again picking on them could be many other providers) I did not even NEED your Coinbase password.
1) I get access to your email
2) I see you have a coinbase account
3) I see that text messages are coming into your email.
4) I send a password reset request, it sends a text to your email, which I am reading. I then can reset your password and go on my way with your money.

This is why what @o_e_l_e_o pointed out here is 1000% correct for so many reasons. https://bitcointalksearch.org/topic/m.58083653

SMS is not AND NEVER WILL BE SECURE.
And adding
Using a SMS to email or other gateway is even less secure then totally not secure. Is there such a thing as anti-secure?

-Dave
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
October 02, 2021, 03:56:56 PM
#7
So, if I got access to your gmail account

I think that this is the most important point. And my logic was that "only" some 6k had the same password at Coinbase as for their email.

The rest... yes, you're right. Coinbase simply didn't care to make it better/proper... or pay for auditing what "Bob in security" did there.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
October 02, 2021, 03:49:13 PM
#6
Some points before people starts panicking:

The hack took place between March and May 20 of this year

The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails

Although obviously Coinbase said that there's no evidence that the users' data comes from them, it looks too much like it. Either somebody from inside has sold users' data to a malicious 3rd party, either Coinbase user database was hacked and they didn't notice. Of course, from there to actually accessing users' e-mails there's still some work to do.

The warning, however, is the same as always: don't keep at centralized exchanges too much money and for too long. Not your keys, not your coins.

I would think that if the leak was coinbase the numbers would be much higher.

Thinking about it more, and the fact that they are mentioning a SMS gateway issue I am drifting towards the opinion that the issue was with a bad SMS implementation that allowed messages to be sent to non phone devices (google voice and the like)

Bit of background, SMS providers can tell MOST of the time if your phone is a real cell or something like google voice and for security reasons not allow you to get SMS messages to those numbers. Even Microsoft does this, I can get recovery texts to my cell, but not my Google Voice or our office VOIP line. I can get normal texts to them all day every day. I have 2 banks 1 will send the SMS to my GV number, the other tells me it's not secure.

So, if I got access to your gmail account (picking on them I am sure there are others that have linked email and phone numbers) and you had your SMS access /recovery phone number set to the google voice number that was linked to that account. Well, it's all over for you. I can reset your Coinbase password, get the SMS, take your money any leave. All with just getting the password for someones [email protected] account.

All because Bob in security forgot to click the checkbox that said, disallow VOIP numbers.

-Dave
hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
October 02, 2021, 03:45:47 PM
#5
It is strange that this news has spread so far.
Not that strange, these media are showing past incidents for a sure agenda and that's to give fear to the people that are new to this.

We still need to improve security on these exchange sites that are necessary for users.
They are the ones that have to improve security and I think that they're doing that but it's just that they have to continually do that. Because these hackers are also improving and finding every possible loophole from their systems.
member
Activity: 1358
Merit: 81
October 02, 2021, 03:38:32 PM
#4
I am not a Coinbase user but I have seen some people in the United States on social media wondering where to invest safely.
According to the article that OP shared:
Quote
The hack took place between March and May 20 of this year, according to a copy of the letter posted on the website of California's Attorney General.
It is strange that this news has spread so far. We still need to improve security on these exchange sites that are necessary for users.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
October 02, 2021, 02:27:34 PM
#3
Some points before people starts panicking:

The hack took place between March and May 20 of this year

The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails

Although obviously Coinbase said that there's no evidence that the users' data comes from them, it looks too much like it. Either somebody from inside has sold users' data to a malicious 3rd party, either Coinbase user database was hacked and they didn't notice. Of course, from there to actually accessing users' e-mails there's still some work to do.

The warning, however, is the same as always: don't keep at centralized exchanges too much money and for too long. Not your keys, not your coins.
jr. member
Activity: 700
Merit: 3
October 02, 2021, 02:08:28 PM
#2
We become more vulnerable to hackers knowingly or unknowingly because they learn from constant experiences and regular practice. To not fall prey of vipers like this extra caution should always be taken. Imagine one using same password for all the email accounts he has, and all the accounts he has online. When one account is attacked, the rest gets vulnerable.
newbie
Activity: 26
Merit: 4
October 02, 2021, 01:20:17 PM
#1
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
Jump to: