Coinbase Hack - Crosspost with Nerdery

2,632 Views | 18 Replies | Last: 2 yr ago by Adverse Event
shalackin
Cross posting so people can be aware and not be stupid like I was. Don't leave your crypto on Coinbase. Hell, don't even use Coinbase. Make sure you have your crypto in cold storage.


Last week, my Coinbase account was hacked. Someone got into my Hotmail, then requested a password reset. I got the text for that with the code, then someone called saying they were with Coinbase security. I gave them nothing, then went to my account to change the password myself and called their support number to lock my account. Before I could do all of that, they got past the SMS 2FA and drained my account. Then I got over 300 text messages from 1410 numbers. Still getting them 24 hours later, just not as many as fast. I am guessing they did that in order to bury any Coinbase messages in my text messages.

How did they get past 2FA? It was SMS 2FA, but still, how? Coinbase sucks too, they just said security is my responsibility. I am still working to get back into my account. Calling the hacker would be faster than going through Coinbase support.
ThreatLevel: Midnight
2FA via SMS is not secure.
See the articles in the link below for detailed explanation.
Qwant Search - SMS 2FA not secure


You need to download an authenticator app that has rolling codes that refresh roughly every 30-60 seconds or some other more secure means.
I would recommend looking for an app that is not "proprietary". Meaning I wouldn't lock myself into using the Google, Microsoft, Amazon, etc. authenticator app for all your needs unless you feel comfortable with those technocrat ecosystems.
Authy is the solution Twilio has available and it has decent reviews.
Lastpass has had security issues with their password manager recently but they also offer a standalone authenticator. There are a number of offerings out there.
Thanks & Gig 'Em
TxAG#2011
These are sophisticated, so not entirely sure but sounds like they got your SIM copied onto a new phone. Sucks that happened.

I use 2FA via an app on an old phone that is not even network activated.
Stan Crowch
Ever since the LastPass hack I've had scammers relentlessly trying to get in to my CB account including calling and pretending to be a Coinbase rep.
shalackin
I called ATT and they said they verified that it wasn't a SIM swap. I just bought an iPhone 15 and it is eSIM. They told me that once I switched to the eSIM, it rendered the old SIM useless. Or something like that.
Fireman
Bitcoin being a public network, you can at least see the address where your BTC was sent. It's a long shot, but you might check with local law enforcement / FBI and see if they have details about who/where your money went.

When Colonial Pipeline was hacked, they were able to recover some of the Bitcoin ransom they paid. Here's an article on that.

https://www.reuters.com/business/energy/us-announce-recovery-millions-colonial-pipeline-ransomware-attack-2021-06-07/#:~:text=WASHINGTON%2C%20June%207%20(Reuters),disruptive%20U.S.%20cyberattack%20on%20record.


I keep my BTC in a Trezor, and I've been very happy with that wallet.
Heineken-Ashi
Got the same text messages two nights ago. Guy even called me saying he was from Coinbase. I said "a lot of scams going around. I'm not telling you ****". He said I could verify his number was the Coinbase customer support number. I checked, and it was exactly the same... except for one digit flipped with another. I told him to **** off.

Didn't matter anyway. Haven't had any cash or crypto in coinbase in over 5 years. I guess they could get some personal info if they could get into my account. But I deleted the account and changed passwords on everything else.
"H-A: In return for the flattery, can you reduce the size of your signature? It's the only part of your posts that don't add value. In its' place, just put "I'm an investing savant, and make no apologies for it", as oldarmy1 would do."
- I Bleed Maroon (distracted easily by signatures)
Proposition Joe
Quote:

Lastpass has had security issues with their password manager recently but they also offer a standalone authenticator.


No, no, no and no.

Do not let a company whose one job was to secure users passwords have another crack at it.

LastPass hack was an absolute nightmare.
752bro4
Hotmail
sellthefarm
So what's a better option than LastPass?
Proposition Joe
sellthefarm said:

So what's a better option than LastPass?

There's no failsafe solution as it's only as strong as its weakest link, but for now I use 1Password.

That's not to say they won't fall victim to a hack, but don't go with the company that already did and likely won't survive with its current name (and thus won't likely put as much effort into making sure things are secure).
ThreatLevel: Midnight
Seems they are all having issues. High value targets.
Bitwarden had an issue earlier in the year.
Not sure about dashlane. There's also Keepass and the open source version.

Just FYI if you hadn't heard about this.

https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/

Best bet is probably to buy a yubico device and set it up to link to your device. They have iOS and android compatible dongles.
Thanks & Gig 'Em
YouBet
I'm worried about my SHIB I still have on Coinbase. Lol.

FTR, I can't even access my Coinbase account anymore so it's probably been hacked. I moved all of my BTC offline a couple of years ago.
shalackin
Just got back in to see the account activity.

How can the second factor fail so many times in a row and it not lock the account? That is negligence in my opinion.
Proposition Joe
Agreed that they will all have issues but 1password having a breach in 1 minor area is a bit different than the Lastpass situation.

LastPass had everything breached, then lied about how big the breach was. That should be a business death sentence.
ThreatLevel: Midnight
Yes I completely agree. I was not mentioning it as a point of opposition against 1PW. And definitely not in favor of LastPass. Just posting it for general info if 1PW users were unaware. And to make the point that all of the pw managers / authenticator clients that have any decent size userbase are high value targets for hacker groups and susceptible to infiltration via the weakest link (human error), so it's important to be aware of headlines related to any app being used.
The current 1PW issue is actually an issue with OKTA, the authentication client API that 1PW uses. Apparently it's not the 1st issue OKTA has had and they are fairly widely used, so I suspect there may be some large applications looking to switch if they don't get this resolved sooner than later.
Thanks & Gig 'Em
EliteZags
hold real assets
Adverse Event
EliteZags said:

hold real assets
Yeah! Like paper that says you own something!
What bitcoin’s detractors don’t understand is monetary economics, computer science, software engineering, network protocols, and electrical systems.

It ain't much, but it's honest Proof of Work.