Categories: CryptoNews

Coinbase Account Hacked Due to Customer Support Negligence

It almost seems as if the Coinbase exchange has been making more negative headlines lately than ever before. One of its users recently reached out to us explaining how his account was hacked and the company failed to take any responsibility. Apparently, Coinbase’s customer support team can be tricked into removing 2FA from an account even when provided with partially incorrect account information. The follow-up response from the team was anything but stellar.

Coinbase Negligence Is Getting Out of Control

Whenever there is an issue with a Coinbase account, contacting support is one’s best option. However, not all of the support tickets the exchange receives are completely genuine. One user saw his account get hacked and emptied due to gross negligence on behalf of the company. Someone had impersonated him in an effort to get the two-factor authentication security removed from his account. This process is not easy, as Coinbase requires verifying a fair amount of information to establish the identity of the account owner.

To comply with Coinbase’s demands, the hacker provided the correct full name, account creation date, phone number, and purchase information. All of this information can be obtained with relative ease if one does some digging. Additionally, the criminal also provided the user’s bank account number and name. While the bank name was correct, the final four digits of the bank account on record were incorrect. That in itself should have immediately raised a red flag. For some unknown reason, it did not. This was a grave error by Coinbase and whoever handled this support ticket.

According to the criminal, the 2FA needed to be removed due to “losing access to the phone running the application.” Combined with the wrong bank information, this should have immediately gotten flagged as a phishing attempt. Someone was not paying attention in this case, either willingly or due to a lack of experience. Thankfully, the withdrawal of all account funds was detected and halted in time before anything further could happen. At that point, Coinbase seemingly redeemed itself, but it was only a sign of worse things to come.

When the transfer was blocked, Coinbase also suspended the account in question. That is not uncommon, but it posed a big problem in getting access restored. The hacker was still able to withdraw 5 ethers, even after a larger withdrawal had been blocked by the system. That is still a US$1,000 loss which needs to be compensated, though the company has no plans to do so. As it happens, an email issued by Coinbase in response to this incident only makes matters more confusing.

Related Post

Judging by the email, one can clearly see the attacker had tried to breach the account in question five days prior to the withdrawals being made. They had been blocked by Google’s 2FA protection. Oddly enough, the hacker did succeed in accessing the account a few days later by confirming a Google Authentication code. It is unclear how this happened exactly since the hacker had asked to get 2FA removed on the 21st. Where did the 2FA request originate, and who confirmed it? Although Coinbase claims not to have authorized the request to remove 2FA, the attacker nevertheless succeeded in gaining access to the account without having access to the authentication code.

There is something very fishy going on over at Coinbase. The company has a lot of issues to sort out, especially in customer support. Its lack of action after detecting multiple failed logins — from different IPs, we assume — is troubling. They did absolutely nothing to warn the user in question. Additionally, they block transfers and allow assailants to make smaller withdrawals without any problem.

We reached out to Coinbase, and asked the following questions: Could you tell us what is the average response time for your customer support? Could you also give us an overview of your customer support team?

According to Megan from their Public Relations department:

I can’t comment on individual cases, but we continue to hire more people both on the customer support team to address the large increase in the number of inbound support tickets. Brian Armstrong, our CEO, wrote a post last month regarding our plans to improve customer support, see here: https://blog.coinbase.com/improving-customer-support-139d99e72876

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

13 mins ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

1 hour ago

IntelMarkets (INTL) Receives Massive Demand From Chainlink And SUI Investors Looking To Position For The Best Bull Run Gains

As the cryptocurrency market gears up for a bull run, IntelMarkets (INTL) is attracting significant…

1 hour ago

FOMO Selling Trigger $1 Billion Liquidations as LINK & SOL Bleed Heavily; What to Do Next?

In the past, Chainlink (LINK) and Solana (SOL) have been among the most discussed altcoins…

7 hours ago

Qubetics $7.4M Presale Revolutionises Blockchain as Bitcoin and Chainlink Drive Innovation: Best Cryptos to Buy for 2025

The crypto market is abuzz with excitement as 2025 approaches. While Bitcoin continues to dominate…

12 hours ago

Best Altcoins to Buy Today: Why Qubetics’ Presale Could Be the Best Investment Opportunity of 2024

The cryptocurrency market never sleeps, and every day feels like an adventure. From household names…

18 hours ago