Categories: CryptoNews

Coinbase Account Hacked Due to Customer Support Negligence

It almost seems as if the Coinbase exchange has been making more negative headlines lately than ever before. One of its users recently reached out to us explaining how his account was hacked and the company failed to take any responsibility. Apparently, Coinbase’s customer support team can be tricked into removing 2FA from an account even when provided with partially incorrect account information. The follow-up response from the team was anything but stellar.

Coinbase Negligence Is Getting Out of Control

Whenever there is an issue with a Coinbase account, contacting support is one’s best option. However, not all of the support tickets the exchange receives are completely genuine. One user saw his account get hacked and emptied due to gross negligence on behalf of the company. Someone had impersonated him in an effort to get the two-factor authentication security removed from his account. This process is not easy, as Coinbase requires verifying a fair amount of information to establish the identity of the account owner.

To comply with Coinbase’s demands, the hacker provided the correct full name, account creation date, phone number, and purchase information. All of this information can be obtained with relative ease if one does some digging. Additionally, the criminal also provided the user’s bank account number and name. While the bank name was correct, the final four digits of the bank account on record were incorrect. That in itself should have immediately raised a red flag. For some unknown reason, it did not. This was a grave error by Coinbase and whoever handled this support ticket.

According to the criminal, the 2FA needed to be removed due to “losing access to the phone running the application.” Combined with the wrong bank information, this should have immediately gotten flagged as a phishing attempt. Someone was not paying attention in this case, either willingly or due to a lack of experience. Thankfully, the withdrawal of all account funds was detected and halted in time before anything further could happen. At that point, Coinbase seemingly redeemed itself, but it was only a sign of worse things to come.

When the transfer was blocked, Coinbase also suspended the account in question. That is not uncommon, but it posed a big problem in getting access restored. The hacker was still able to withdraw 5 ethers, even after a larger withdrawal had been blocked by the system. That is still a US$1,000 loss which needs to be compensated, though the company has no plans to do so. As it happens, an email issued by Coinbase in response to this incident only makes matters more confusing.

Related Post

Judging by the email, one can clearly see the attacker had tried to breach the account in question five days prior to the withdrawals being made. They had been blocked by Google’s 2FA protection. Oddly enough, the hacker did succeed in accessing the account a few days later by confirming a Google Authentication code. It is unclear how this happened exactly since the hacker had asked to get 2FA removed on the 21st. Where did the 2FA request originate, and who confirmed it? Although Coinbase claims not to have authorized the request to remove 2FA, the attacker nevertheless succeeded in gaining access to the account without having access to the authentication code.

There is something very fishy going on over at Coinbase. The company has a lot of issues to sort out, especially in customer support. Its lack of action after detecting multiple failed logins — from different IPs, we assume — is troubling. They did absolutely nothing to warn the user in question. Additionally, they block transfers and allow assailants to make smaller withdrawals without any problem.

We reached out to Coinbase, and asked the following questions: Could you tell us what is the average response time for your customer support? Could you also give us an overview of your customer support team?

According to Megan from their Public Relations department:

I can’t comment on individual cases, but we continue to hire more people both on the customer support team to address the large increase in the number of inbound support tickets. Brian Armstrong, our CEO, wrote a post last month regarding our plans to improve customer support, see here: https://blog.coinbase.com/improving-customer-support-139d99e72876

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Aptos (APT) and Tron (TRX) Prices Slide, As Volume Soars For Rollblock Suggesting Parabolic Rally

As Aptos and Tron prices take a recent downturn, the spotlight shifts to Rollblock, whose…

40 mins ago

Altcoins to Watch in November: Binance Coin (BNB), Rollblock (RBLK), and Neiro (NEIRO)

As the crypto markets roll into their most bullish time of year, we present three…

46 mins ago

Analysts Forecast $1 for Cardano and Lunex Network As Dogwifhat Plunges To Former Lows

As the crypto market prepares for a major rally, experts believe that two top altcoins,…

54 mins ago

Retail Traders Panic Sell During ‘Fake Dip’; Whales Hold Tight to SOL, DTX, and SHIB for a Millionaire-Maker Bull Run

Solana (SOL): A Strong Ecosystem Despite Volatility Solana (SOL) has been all over the place…

2 hours ago

Llama 3.2 Predicts Price For Dogecoin: $2 Peak By 2025 And $5 Rally For DTX Exchange This Winter

Cryptocurrency trends are keen on the forecast that was recently released by Llama 3.2 model…

2 hours ago

Crypto Whale Sparks 8x Surge In $OPK Price with Massive Buy-in

A mysterious crypto whale, who previously invested 9,600 SOL into tokens $Pnut and $FRED, has…

4 hours ago