Topic: Coinbase Wallet - Is my $ lost because I pressed this one button (dangerous)? (Read 442 times)

我觉得你应该换一个钱包，试试

"Coinbase Wallet" app is not the same as "Coinbase" so having the log-in credentials wont help on recovering the former.
However, since you're using Coinbase, then you can just log-in to the site/app since you have your log-in info.

Or do you mean "Coinbase Wallet"? If that's the case: It's a non-custodial wallet;
being non-custodial, Coinbase doesn't have access to your backups and you really need the seed phrase (backup phrase) to restore it.

Uggh,

You trusted a crappy Apple Iphone with $15K,

I find it interesting that you totally ignore the fact , the apple update is what caused your problems, not coinbase.

I would think you have a better lawsuit against apple than coinbase.

However odds are the fine print, will place all the responsibility on you with either company.

Shot in the Dark,
Try contacting the developer of the coinbase wallet Toshi and see if they can help you recover your funds.
https://probleme.app/en/tag/Toshi/
https://probleme.app/en/coinbase-wallet-problems/#appreport

Have you had success logging back in? I have the exact same issue. Have used Coinbase and Coinbase Pro, have login info but was never given seed phrase and was kicked out when the app was updated.

Hi dadbody00,

Did you finally get access back to your Coinbase Wallet?
I got the same problem.
Somebody told me there is perhaps a solution. Somebody qualified might access to the motherboard of the iPhone and get the recovery data files in order to restore access to the app with former credentials.
Like setup a former version of the Coinbase Wallet before the incident.
Some of you guys have heard of something like this?

Cheers

Can you imagine if society ran on the mentality of "blame the customer" for misunderstanding a single button and therefore they deserve to lose their life savings.

This is a financial services product by a name brand company planning to go public in the USA and rushing some shitty wallet design from an app they bought of Toshi that is dangerously designed.

I am not even new to crypto.  I have used several wallets with Seeds and they tell you explicitly that it is a wallet with very important Seed words.  They don't vaguely refer to the fact one single time (I was never prompted anything again). 

Coinbase was my crypto bank and that was the danger because I even linked my accounts seemingly.  I thought I was in good hands like if it was Chase or Citibank which now is a joke if you have any experience with their customer service. 

To be a public bank you should have that level of accountability and attention to customer care.  If you do not you should not be in the business of banking people's financial lives.

I also submit that if your entire product is a "secure vault" with "special magic words" that are the most important function preventing your customer from losing all of their money when your app crashes, you NEED to provide the customer the magic words.  You need to tell them the magic words.  You need to show them the words.  At the very least one single time.  You don't say afterward, "Hey the button was highlighted in blue.  Didn't you understand the highlight color or read the manual fine print?"

I didn't even know I was using a Seed based wallet and that is a major problem. 

My wife is an attorney for insurance companies and fine print means jack shit.  Nobody reads fine print and everyone knows that and they are mostly used to just scare laymen from lawsuits.

I believe Coinbase has a hefty class action lawsuit coming for them.

Hopefully it will be a wake up call that they cannot pretend to be a trusted bank on one hand, but also have the willy nilly attitude of some offshore tech company.

It's certainly a tricky problem that UI/UX designers need to consider... "Ease of onboarding" vs. "ensuring customer data is secure"... especially in today's world of "instant gratification, please"

Perhaps another strategy would be to highlight to the user the risks of "transacting" without having created a backup? ie. If you click "receive" (showing intent to receive funds into the wallet) and the backup process has not been completed, either a big warning or another prompt to complete the backup process or both!


I felt like an idiot when it happened to me. I'm just thankful that when I learned the "backup first" lesson... it only cost me a couple of satoshis.

Unfortunately it didn't. I can understand your disappointment but you have to realize that all of this could have been prevented if you were a bit more cautious and asked these questions before you started using the wallet. The screenshot HCP posted says: Don't risk your money. Take 2 minutes to back up your wallet. I can understand that you are new to crypto and you didn't know the importance of seed phrases, but didn't it occur to you to research what they mean with backing up a wallet and how can one lose access to crypto? The Backup now button is in blue. Coinbase uses visual stimulus to make you press that button. The Later button has no highlighting, it's less visible because of its less importance.   
  
I agree, they should have showed them at the beginning and most wallets do. It doesn't say what you wrote, but they do warn you that you are risking to lose your money if you don't back up your wallet.
 
You are not an idiot. You just didn't have the needed knowledge and patience to research what you are getting into, and unfortunately, it cost you quite a lot of money.

I think the user should be reminded to backup the seed until the software has confirmed the seed has been backed up. IMO, the importance of backing up the seed should be made more clear, as I can understand how a new user of bitcoin might not understand what this means and the implications of not backing up their seed.

This would remove the incentive for the user to 'fool' the software into believing they have backed up their seed, and would help educate newer users as to the importance of backups.

Oh lol, I misread as "you don't get the "Don't risk...". My bad. So if you haven't made a back up, you get that warning every single time you open the app?

Because forcing the user to re-enter the words on a new screen means they must have copied them somewhere. It might be somewhere inappropriate such as taking a screenshot, but it still forces them to make a copy in some format. Having a button which allows you to skip the whole process entirely is inadequate.

Surely this is all the more reason to force them to view the seed phrase and re-enter it on the next screen. If they don't know how important a seed phrase is, then giving them the option to skip over it entirely doesn't exactly help the issue.

errr... that's exactly what it does... you even quoted that part


How is showing 12 words and getting the user to re-enter them "adequate notice or warning" compared with:



IMO, the real issue, as someone mentioned earlier, is education... if someone doesn't understand that they need a backup of a wallet because iCloud backup isn't a magic bullet... they're probably not likely to realise how important the 12 word backup is anyway... and that's when people take screenshots, or email them to themselves, or scribble it on an easily lost post-it/notepaper so they can "just get past this stupid dialog and start using the app" etc... and then they just end up losing money further down the line.

It's certainly a shitty situation... and I've done it myself... granted, only a tiny fraction of the amount lost here... so I was lucky and learned the lesson "cheaply".


@dadbody00, best of luck with the arbitration... and I hope this experience hasn't totally put you off crypto.

Definitely not enough. Every other good wallet I have used which uses seed phrases displays them by default on set up and requires the user to confirm them on the next screen. If the user copies and pastes or uses some other method to avoid writing down the seed phrase, than that is entirely their fault and they cannot argue they were not given adequate notice or warning. But not displaying the seed phrase by default, allowing the back up to be skipped and still have full use of the wallet, and not providing future reminders other than a small "!" in the settings menu is not enough in my opinion. If they aren't going to display the seed phrase by default when you create the wallet, then I would expect something like a notification screen every time you open the app or a banner at the top visible at all times saying that you have not backed up the wallet.

Coinbase market their wallet as an easy to use solution for non-technical minded users who may feel uncomfortable using a more technical wallet. These users may be entirely unaware of the importance of seed phrases, as in OP's case. Giving them the option to skip the only way to recover their coins is unacceptable.

To answer your question...Should the app just go straight to the "Recovery Phrase" window and refuse to let the user use the app without completing the backup process at least once?

YES.  It is called providing the password.  If there is a magic word to a vault, you tell the customer the magic word.  Why would you not?  Is there someone out there who doesn't want to know the magic word to the vault?

I plan to file a lawsuit against Coinbase go through their Arbitration process.  Who knows how that will go down but I truly feel cheated of common sense.  And it also irks me that I chose to use Coinbase's wallet because they were my trusted crypto bank.  I wish I just used Trust Wallet now obviously.  Would have saved me a lot of money and headache.

Just tell the customer the magic word before you lose the keys to the vault.

My response is... No, not enough. 

I simply pressed "Later" not understanding what they were asking and then transferred money and then the app crashed and I lost what is now $20,000.

My massive error was not properly understanding what Backup meant.  Back what up?  My iPhone is already backing up through the cloud.  Why would I need their stupid backup?  I had to give an account name, a pin, it uses my biometrics... but none of it mattered.  None.   

Why not simply show the words/keys before letting someone transact.  Or why not say, "If you lose these Seed words, you lose all your money?"

One button/misunderstanding at the very beginning should not cost $20,000.  It coulda cost millions.  Would that be okay?

Coinbase needed to show me the Seed words before letting me transact.  They did not.  They never showed me any Seed Phrase and therefore never provided it.  Burying something in Settings is completely irresponsible.  Just show the words UP FRONT. 

Whatever they did failed me.  Did it not?  Am I just an idiot and deserve to lose all my money because I missed a button?  Are all the other people who it has happened to also just so stupid they deserve?  There should be 0% chance of someone never seeing the Seed words.

For the record... Coinbase wallet asks if you want to create a backup when you set up a new account

"Take 2 minutes to back up your wallet, and never risk losing your money."



Tapping backup takes you to the "Recovery Phrase" window... with a (!) Not backed up warning at the top... your 12 words and the text:

And then provides 2 options:
- Back up on Google Drive (I assume because this is Android version, not iOS)
- Back up manually

I can't take screenshots, because the app doesn't allow screenshots on the recovery phrase windows for security reasons If you don't complete the process by either backing up to the cloud, or backing up manually (which requires that you re-enter all the words in the correct order), it shows the following in the settings menu:


You get the (!) warning symbol next to the "Recovery Phrase" option... Tapping that options takes you to back to the Recovery Phrase window as above.

I should point out that if you click "later" (or the 'x') to close the backup popup... then close and re-open the app, you get the "Don't risk your money" pop-up again.


What do people think?

- not enough? Should the app just go straight to the "Recovery Phrase" window and refuse to let the user use the app without completing the backup process at least once?
- Just right? It offers the backup option at startup, but also gives the "Later" option if you're willing to accept the risk of not having a backup and reminds you to backup later if you haven't.
- Too much? nagging popups are annoying and unnecessary!

"Pasting it to a txt file" is a reply to the "test" part, it's pretty obvious given the text "For testing purposes". A note about not actually backing up the seed in that case is unnecessary.

For the other parts, I've already posted my opinion.

If you copy a seed into a text file (that may not even get saved), you are not really backing up your seed. I do the same thing when I am deciding if I want to use a different wallet software.

If a wallet knows that you have not backed up your seed, it can warn you about the risks associated with not having backups until it believes you have created a backup. If a user were to fool the software they created a backup with a text file for example, there would be no reason for the software to continue bugging the user to create a backup.

Someone who keeps $100 in their phone wallet to use to buy lunch might understand the risks associated with not having backups, and not create them because of the amounts involved. However, if they were to later send thousands of dollars worth of coin to that wallet for whatever reason, they would probably want to have backups, but the fact they never created a backup might get overlooked.

You've pretty much just summed up Coinbase's entire business model. If it attracts new users to their platform, they don't actually care about how well it does (or does not) function.

Agreed. TrustedCoin on Electrum is a great example of this. It spells out quite clearly when you make a new wallet that you will be charged a fee for to use the service. The entire text you have to agree to is 4 very short paragraphs - it can be read in under 30 seconds - and yet we have endless users not understanding why they have been charged a fee and starting new threads complaining about it. Please do not read instructions, even when it comes to their financial security, but if you make a page that they cannot progress past without confirming their seed, then they will at least read what they are supposed to do.

This would be a terrible idea. The whole point of seed phrases is to not back them up digitally. Writing them down on paper and keeping them offline is far more secure. Any wallet which forces you to back things up to a cloud server or otherwise digitally should be avoided at all costs.

Leaving a 1-2 star review to their app with similar context to your post is usually enough to get Coinbase's attention.
Most of the time, developers respond to reviews with low rating.

These are all great thoughts. 

I don't like forcing a user to do too much either.  I don't even necessarily like the idea of forcing someone to digitally backup the wallet.

BUT I DO think they need to have "shown" the words "on screen" at some point to consider it delivered.  (especially if they don't require the other stuff we talked about). 

I was NEVER ever shown a Seed phrase and therefore believe I was never provided it in my opinion. It is like selling a house without physically producing the keys and then blaming the buyer when he gets locked out five seconds later.  That is absurdly dangerous and not very hard to change.

Also I re-tested the acct opening process on my wife's phone and we both were in agreement that having it say "backup" to cloud without really knowing what they are talking about is kind of weird and confusing for some.  I didn't even know what that meant.  Back what up?  The application?  My iPhone is already backing up through the cloud.  Why do I need their backup?  That is not a completely irrational thought.  I have to give an account name, a pin, it uses my biometrics... but none of it mattered.  None. 

You can't sell expensive properties without providing the keys.  Coinbase failed to provide them.  They hid the Seed words as far as I am concerned in a backend menu.

As is, it is a very dangerous financial services application for general use to the public.  They need to know this and do better.