Coinbase Account Hacked Due to Customer Support Negligence

It almost seems as if the Coinbase exchange has been making more negative headlines lately than ever before. One of its users recently reached out to us explaining how his account was hacked and the company failed to take any responsibility. Apparently, Coinbase’s customer support team can be tricked into removing 2FA from an account even when provided with partially incorrect account information. The follow-up response from the team was anything but stellar.

Coinbase Negligence Is Getting Out of Control

Whenever there is an issue with a Coinbase account, contacting support is one’s best option. However, not all of the support tickets the exchange receives are completely genuine. One user saw his account get hacked and emptied due to gross negligence on behalf of the company. Someone had impersonated him in an effort to get the two-factor authentication security removed from his account. This process is not easy, as Coinbase requires verifying a fair amount of information to establish the identity of the account owner.

To comply with Coinbase’s demands, the hacker provided the correct full name, account creation date, phone number, and purchase information. All of this information can be obtained with relative ease if one does some digging. Additionally, the criminal also provided the user’s bank account number and name. While the bank name was correct, the final four digits of the bank account on record were incorrect. That in itself should have immediately raised a red flag. For some unknown reason, it did not. This was a grave error by Coinbase and whoever handled this support ticket.

According to the criminal, the 2FA needed to be removed due to “losing access to the phone running the application.” Combined with the wrong bank information, this should have immediately gotten flagged as a phishing attempt. Someone was not paying attention in this case, either willingly or due to a lack of experience. Thankfully, the withdrawal of all account funds was detected and halted in time before anything further could happen. At that point, Coinbase seemingly redeemed itself, but it was only a sign of worse things to come.

When the transfer was blocked, Coinbase also suspended the account in question. That is not uncommon, but it posed a big problem in getting access restored. The hacker was still able to withdraw 5 ethers, even after a larger withdrawal had been blocked by the system. That is still a US$1,000 loss which needs to be compensated, though the company has no plans to do so. As it happens, an email issued by Coinbase in response to this incident only makes matters more confusing.

Judging by the email, one can clearly see the attacker had tried to breach the account in question five days prior to the withdrawals being made. They had been blocked by Google’s 2FA protection. Oddly enough, the hacker did succeed in accessing the account a few days later by confirming a Google Authentication code. It is unclear how this happened exactly since the hacker had asked to get 2FA removed on the 21st. Where did the 2FA request originate, and who confirmed it? Although Coinbase claims not to have authorized the request to remove 2FA, the attacker nevertheless succeeded in gaining access to the account without having access to the authentication code.

There is something very fishy going on over at Coinbase. The company has a lot of issues to sort out, especially in customer support. Its lack of action after detecting multiple failed logins — from different IPs, we assume — is troubling. They did absolutely nothing to warn the user in question. Additionally, they block transfers and allow assailants to make smaller withdrawals without any problem.

We reached out to Coinbase, and asked the following questions: Could you tell us what is the average response time for your customer support? Could you also give us an overview of your customer support team?

According to Megan from their Public Relations department:

I can’t comment on individual cases, but we continue to hire more people both on the customer support team to address the large increase in the number of inbound support tickets. Brian Armstrong, our CEO, wrote a post last month regarding our plans to improve customer support, see here: