I suspect they used Tracfone, had the cell number, and hoped, by getting the email,
that the email linked to Tracfone and to Coinbase was the same,
so if they hack just the email
they could try to port the cell to their carrier,
then get into Coinbase, change the password, and use 2FA to allow withdrawals and alter the email.
...
Best to buy a burner phone and set up Google or Microsoft auth.
The Coinbase account does not know that phone number, so no one can port it over to another network.
Sorry that it happened, but I cannot figure it out from your description.
Coinbase did have some SMS troubles last May or so; maybe it is somehow related.
The ported phone would jeopardize both methods (text or Authenticator), wouldn't it?
What's the "email linked to Tracfone"? Why is there such a thing?
The ported phone was a Tracfone.
I do have an email/phone account, so they could have ported the phone from Tracfone to Verizon mobile by entering my cell number.
They could have hacked the email using recovery to the phone.
This gave them the phone and the email.
They use that to go after Coinbase.
They change the password.
They find that no changes in the account or withdrawals can be done without
a code that is only available on a phone whose number no one knows. It is not 2FA, and it gives a six-digit number every 60 seconds.
They could have been, say, withdrawing .25 BTC and putting in random six-digit numbers as I was driving home
(I think they get locked out after 3 wrong numbers), so I could have lost .25 BTC if they got lucky.
I think my error was that the email recovery was linked to the cell,
which let them get into the email. That email is 22 years old. I changed the password.
I am playing with fake hacking of the now drained (by me) Coinbase account to see if they just needed to have the phone number ported to be able to change the Coinbase password.
I also had the account set to need the auth app for any withdrawal (thank goodness).
Tough situation. Have seen this happen MANY times.
Secure Bitcoin storage is possibly the HARDEST problem to solve well. It is very easy to make mistakes. I have personally spent a lot of time setting up my storage/recovery strategy. It is a balancing act between making it too easy for thieves, and making it too hard to reliably execute.
This is probably the biggest hurdle for Bitcoin adoption. And the reason, I have said often, that the masses will never "be their own banks". Something as simple as using a secure and reliable source of entropy for key generation is critical.
Glad you avoided being robbed.