Topic: Can Coinbase be hacked? - page 2. (Read 4916 times)

I just use coinbase as a conduit for converting between BTC and USD.  I wouldn't use it as long term storage for significant quantities of currency because that increases the risk of shit happening.

Yes, because the site itself could be hacked, not through an individuals account, but through various attacks through insecure code and services on coinbase itself.

You really think so? lol

no

Your password works out in theory to be a 104.87 bit password ( bits of entropy ), so thats a fairly difficult to crack password ( although I would not have so many numbers in a row like that ).

Theoretically, any password can be bruteforced, but just not in the real world.

example: Your password cracked in 58 years....
( 94^16 / 2 ) / ( 10^22 ) / 60 / 60 / 24 / 365.25 = 58 years at a 10 Sextillion hashes per second bruteforcing it.

Attackers are going to focus on the easy hacks first before ever trying out bruteforcing passwords. APIs, installable wallets, through to the yea old database code injection hacks would be the place most of them would start.

It seems they have an API vulnerability. Several accounts have been hacked.. So what is the safest way to store Bitcoin.. Paper wallet.. and if there is fire thats gone too ?

i dont think coinbase is safe at all. no hosted wallet is safe.

keep coins with 3rd parties at your own peril!

Is a password something like this complex enough

Akasha#5123&7623

Big? Trusted?
How did you already come up with these words?
Have they existed for such a long period to label them as secure and trusted?

Also,far bigger and older companies have been hacked to promote Coinbase as impenetrable.

biometric -- that's what i want!

That is still 2 factor.  Password is something you know.  The yubi key and google auth is something you have.  To get third factor you must include something you are (Bio metrics).

I think Sony was bigger and more trusted.

yes, of course, anything can be hacked. security is just a deterrent...... but your're fine, from the sound of it

if you have coins, withdraw to a wallet you control, though. no reason to leave em in a hosted wallet. that's asking for trouble

Hypothetically, any website can be hacked.

The question is how hard is it to do so.

For big, trusted companies like Coinbase, I think it is very unlikely someone will figure out how to hack them.

Just because someone security cleared doesn't mean they know how to write secure code.  As a CEH & OSCP I regularly get through apps written by very security conscience developers/project teams.

MFA protects you from yourself and the likelihood that your system will be compromised.  

As for the security of the system, defense in depth and design and development with a focus on security goes a long way.  Were talking typical infrastructure security like Firewalls, IDS/IPS, WFA and the such are just not enough.  

Typically systems are built to meet the business need.  Business defines functionality, then use cases and test cases are written.  They tend to forget about the abuse cases, and that is when I can get in.  

What needs to happen in addition to all the infrastructure security, is that non functional requirements like security are considered from the beginning and developers are trained in defensive software development, designers trained in such things as threat modelling, business owners place as much focus on security testing as they do on functional, performance and UAT testing.  Then you stand a chance.

So, it's as secure as they allow it to be.  They will always claim it is secure, but the truth is in the pudding.  I have no idea if they are or they are not.  I certainly hope they are as I know many people rely on them.

Though sites have been working hard to counter hackers, every sites may be hacked.
It would be better to store your funds in your offline wallet.

Any place can be hacked.  Two factor auth will prevent you from bring hacked with a keystroke logger.  The hacker will need your password "Something you know" and the google auth app on your phone "Something you have" in order to access your account. 

mobile sms can hack, password too.
But it is very expensive to hack sms.
hacking password is very much depends on its complexity.
And of course viruses - they like windows and windows like them.

SMS verification on smart phone may be problem, especially when you are connected to internet with it and browsing or playing variety of games - it can be compromised

coinbase has very good intentions to be hackerproof, they mention empleyees are security cleared. If they have implemented what they say, it is quite secure. It is best to be couscious though.