I am not quite sure how they ported the phone.
I suspect they used tracfone had the cell number hoped by getting the email
that the email linked to tracfone and to coinbase was the same
so if they hack just the email
they could try to port the cell to their carrier.
then get into coinbase change password and use 2fa to allow withdraws and alter the email
...
Best to buy a burner phone set up google to microsoft auth.
the coinbase account does not know that phone number so no one can port it over to another network.
Sorry that it happened, but I cannot figure it out from your description.
coinbase did have some SMS troubles last May or so, maybe it is somehow related.
The ported phone would jeopardize both methods (text or Authenticator), wouldn't it?
what's the "email linked to tracfone"? why there is such a thing?
Phone a the ported phone was a tracfone.
I do have an email/phone account so they could have ported the phone from trac phone to Verizon mobile by entering my cell number
They could have hacked the email using recovery to the phone.
This gave them the phone and the email.
they use that to go after the coinbase
they change the password.
they find that no changes in the account or withdrawals can be done without
a code that is only available on a phone that no one knows the number. It is not 2fa. and gives a six digit number every 60 seconds .
They could have been say with draw .25 btc and putting in random six digit numbers as I was driving home
( I think they get locked out after 3 wrong numbers). so I could have lost .25 btc if they got lucky.
I think my error was the email recovery was linked to the cell
which let them get into the email. That email is 22 years old I changed the password.
I am playing with fake hacking of the now drained (by me) coinbase account to see if they just needed the have the phone number ported to be able to change the coinbase password.
I also had the account set to need the auth app for any withdrawal (thank goodness)
found this on coinbase
signout session web 198.54.133.76 United States about 20 hours ago
signout session web 198.54.133.76 United States about 20 hours ago
signout session web 198.54.133.76 United States about 20 hours ago
signout session web 198.54.133.76 United States about 20 hours ago
signout session web 198.54.133.76 United States about 20 hours ago
signout session web 198.54.133.76 United States about 20 hours ago
password reset completed web 198.54.133.76 United States about 20 hours ago
password reset requested web 198.54.133.76 United States about 20 hours ago
signin failure api 187.11.158.232 Brazil 3 days ago
signin failure api 187.11.158.232 Brazil 3 days ago
all of the above is bad shit
this looks like first shot they took
signin failure api 2605:xxxx:xxxx:xxxx:xxxx:xxx:xxxx:c91f United States 7 days ago
each signout session was likely 3 trys at moving the btc. random codes are 1,000,000 numbers so they had say 18 of 1,000,000 of grabbing the btc
I am genuinely sorry to hear about this philipma. I'm also glad and relieved to hear that no coins were stolen.
What am I about to say next, I hope you don't take as rubbing it in or anything. You have to decide what works best for you. But I can honestly say that if you had had your coins on a hardware wallet like a Trezor, none of that would have happened (provided you set it up correctly, have your security protocols right, and don't fall for the phishing scam of going to a fake Trezor website, etc.).
I'm seriously baffled after all the talk and confirmation over the years about how great and solid hardware wallets are, that people still refuse to investigate and use them.
In fact, if someone has a legit link of someone getting their coins stolen from a Trezor that wasn't a phishing scam, please link to it. I'd be curious to read it. So far I have come across zero.
And it wouldn't even mean that we stopped "going up forever Laura" 
But like everything it's all tradeoffs. What tradeoffs are we willing to make?
