My Coinbase was just compromised | Bitcointalksearch.org

pbody

full member

Activity: 198

Merit: 100

Quote from: damiano on December 15, 2013, 11:03:26 AM

Coinbase customer service is piss poor. There simply isn't enough customer service techs or peeps (what ever you want to call them) to handle all the volume.

Ultimately if they can't pull it together for the long run they will fail. There are a lot of smaller up and coming companies with a similar model.

There is no support. I have been trying to get a hold of them for days and all I get is an automated response. I agree with you that if they do not get their act together adn wake up to realize that customer service is HUGE when dealing with people's money, they will quickly go out of business. They have no listing for a customer service tech support rep on their site. Seriously idiotic move.

Cryptsy got back to me within 2 hrs and followed up with the issue. I'm gaining more trust in some of the European exchanges. Nice thing about btc is that it can easily be moved anywhere, and is actually way faster on the other exchanges than it is on coinbase.

whiskers75

hero member

Activity: 658

Merit: 502

Doesn't use these forums that often.

Quote from: ?? on ??

Quote from: damiano on December 07, 2013, 05:02:41 PM

Quote from: kireinaha on December 07, 2013, 04:44:25 PM

Doesn't make sense. How can a 2FA be stolen? It's a randomly generated value and only valid for a matter of seconds.

Unless you select Coinbase's option to not require 2FA again for 30 days from the same computer? If that PC is compromised with a keylogger, then it could be a problem.

Every time I enabled a 2FA I would take a screen shot of the code and keep it. I believe it was either taken from my email or my desktop. I only found some malware on my desktop, but then I said fuck it and wiped the whole disk.

Keeping a screenshot of the 2FA code in a place that itself is not protected is almost as dangerous as not having 2FA in the first place.

I suspect that Coinbase may stop allowing instant purchases + instant withdrawals to an external address because of incidents like this.

STOP PANICKING!

OP just screencap'd the 2FA code, which is a stupid idea, and lost it. Caveat emptor.

damiano

legendary

Activity: 1246

Merit: 1000

103 days, 21 hours and 10 minutes.

Coinbase customer service is piss poor. There simply isn't enough customer service techs or peeps (what ever you want to call them) to handle all the volume.

Ultimately if they can't pull it together for the long run they will fail. There are a lot of smaller up and coming companies with a similar model.

pbody

full member

Activity: 198

Merit: 100

Quote from: btcton on December 08, 2013, 10:54:32 AM

Login to Coinbase, go to history and check if it says you actually bought coins with them. Something similar happened to me. In te transaction history it said I "sent" Coinbase BTC to exchange for USD, but it does not appear in history. I also have not received any money from Coinbase and never wanted to sell my BTC. Luckily for me, I only lost around $1.50 worth of BTC because I only use web wallets for convenience and I usually put all I have in my local wallet/cold storage.

Im on the same boat as the OP. I logged into coinbase and it showed I had made a purchase under buy history. I checked back later in the day and now that has been deleted! So the only proof I have is a printout of the screen and my checking account shows the money being sent to Coinbase. All week it was listed as pending until 12/14. Now there is nothing. The transaction just vanished.

I would not be posting here if Coinbase responded to my email other than an automated response. There is no way to get in contact with them.

I am warning others to be cautious. I met the guys who run Coinbase and I imagine that they would have gotten back to me if something was not seriously wrong.

btcton

legendary

Activity: 1302

Merit: 1007

Quote from: btcton on December 08, 2013, 10:54:32 AM

Login to Coinbase, go to history and check if it says you actually bought coins with them. Something similar happened to me. In te transaction history it said I "sent" Coinbase BTC to exchange for USD, but it does not appear in history. I also have not received any money from Coinbase and never wanted to sell my BTC. Luckily for me, I only lost around $1.50 worth of BTC because I only use web wallets for convenience and I usually put all I have in my local wallet/cold storage.

I got this fixed, not their fault. Anyway, they're back on the green for me.

pbody

full member

Activity: 198

Merit: 100

I believe I am dealing with the same issue. coinbase pulled the money out of my bank account and I am yet to recieve anything after a week. there used to be a pending message that suddenly disappeared and now there is nothing. I was not robbed. I never even had the btc. Coinbase just lost my btc. Now Im dealing with the extreme headache of trying to get it back.

I would steer clear from this place and use localbitcoins with a wallet on your personal pc. At least you get the transaction completely instantly and can immediately get your btc to safety.

Using Coinbase is like running through South Central LA with a wad of cash and a shirt with a huge dollar sign on it. Kiss your money goodbye.

damiano

legendary

Activity: 1246

Merit: 1000

103 days, 21 hours and 10 minutes.

Quote from: pbody on December 09, 2013, 02:32:57 PM

What am I missing here? 2FA constantly changes. Taking a snapshot of it is pointless and will not compromise the account.

Your missing quite a bit. I just tested this with a dummy account on cex.io, go ahead and try it.

pbody

full member

Activity: 198

Merit: 100

What am I missing here? 2FA constantly changes. Taking a snapshot of it is pointless and will not compromise the account.

damiano

legendary

Activity: 1246

Merit: 1000

103 days, 21 hours and 10 minutes.

Quote from: ?? on ??

Quote from: damiano on December 07, 2013, 05:02:41 PM

Quote from: kireinaha on December 07, 2013, 04:44:25 PM

Doesn't make sense. How can a 2FA be stolen? It's a randomly generated value and only valid for a matter of seconds.

Unless you select Coinbase's option to not require 2FA again for 30 days from the same computer? If that PC is compromised with a keylogger, then it could be a problem.

Every time I enabled a 2FA I would take a screen shot of the code and keep it. I believe it was either taken from my email or my desktop. I only found some malware on my desktop, but then I said fuck it and wiped the whole disk.

Keeping a screenshot of the 2FA code in a place that itself is not protected is almost as dangerous as not having 2FA in the first place.

I suspect that Coinbase may stop allowing instant purchases + instant withdrawals to an external address because of incidents like this.

I am aware of that now.

I think moving forward I will keep a copy on a flash drive, so its offline.

takagari

legendary

Activity: 1050

Merit: 1000

Why were you taking screen caps?

zackclark70

legendary

Activity: 868

Merit: 1000

ADT developer

a big hack would explain the huge btc drop the last couple of days

axilla

full member

Activity: 217

Merit: 100

not surprising.. its not called Conbase for nothing.

btcton

legendary

Activity: 1302

Merit: 1007

Login to Coinbase, go to history and check if it says you actually bought coins with them. Something similar happened to me. In te transaction history it said I "sent" Coinbase BTC to exchange for USD, but it does not appear in history. I also have not received any money from Coinbase and never wanted to sell my BTC. Luckily for me, I only lost around $1.50 worth of BTC because I only use web wallets for convenience and I usually put all I have in my local wallet/cold storage.

vm1990

legendary

Activity: 1540

Merit: 1002

Quote from: michiganmushrooms on December 08, 2013, 08:34:57 AM

This is an extremely serious issue! And I'm really surprised it's not getting more traction on the board here... I guess everyone is used to bitcoin services being inherently unsafe. But wasn't coinbase 'supposed to be different'?

coinbase sucks ass... the only person that has a chance to keep coins remotely safe is yourself.... if you take the correct steps ofcorse
your basically asking strangers to keep hold of your money and defend it for free...

anyhow sorry for your loss and in theory coinbase should refund you... in theory.

michiganmushrooms

newbie

Activity: 23

Merit: 0

This is an extremely serious issue! And I'm really surprised it's not getting more traction on the board here... I guess everyone is used to bitcoin services being inherently unsafe. But wasn't coinbase 'supposed to be different'?

Martijnvdc

sr. member

Activity: 322

Merit: 250

Does anybody know if there have been any similar reports?
This seems like quite a serious issue...

balanghai

sr. member

Activity: 364

Merit: 253

So how was this possible? Coinbase employee needs to make ends meet?

damiano

legendary

Activity: 1246

Merit: 1000

103 days, 21 hours and 10 minutes.

Quote from: naphto on December 07, 2013, 04:55:09 PM

Did you activate 2FA and SMS before the hack? Roll Eyes

Both were active before it of course.

Although this week SMS doesn't work for me anymore.

I have to do the phone call where they tell me the code

damiano

legendary

Activity: 1246

Merit: 1000

103 days, 21 hours and 10 minutes.

Quote from: kireinaha on December 07, 2013, 04:44:25 PM

Doesn't make sense. How can a 2FA be stolen? It's a randomly generated value and only valid for a matter of seconds.

Unless you select Coinbase's option to not require 2FA again for 30 days from the same computer? If that PC is compromised with a keylogger, then it could be a problem.

Every time I enabled a 2FA I would take a screen shot of the code and keep it. I believe it was either taken from my email or my desktop. I only found some malware on my desktop, but then I said fuck it and wiped the whole disk.

naphto

sr. member

Activity: 392

Merit: 250

Did you activate 2FA and SMS before the hack? Roll Eyes

Topic: My Coinbase was just compromised (Read 5463 times)