So here's what happened..
Attacker gets access to 'hackers database'. This is like $10 for a collection of leaked passwords / screennames from all sources (I use to have access to this, back in the day).
Attacker logs into an old email I no longer use. Email provider "Is this still your phone number?" - now attacker has my phone number.
Attacker calls up phone carrier at 4:35pm. Collects info of some sort, probably getting the carrier to give the attacker my PIN (phone people are easy pushovers, in my experience). Either that or insider, possibly.
Attacker contacts Israel phone carrier, 7:35pm, Oct 29th, initiates SIM swap (I am American). 7:55pm - Welcome to Israel message at phone carrier (but I am not notified in any way). Note - the attacker never touched my actual phone, this is all done remotely.
8:01pm - Hacker grabs Coinbase associated email, uses phone to bypass password. Hacker contacts Coinbase, uses email to bypass password. Hacker begins making trades.
8:02pm - Hacker uses email to bypass passwords on One drive, Google Drive, and Drop box - downloads all data.
8:29pm - I am on wifi, I see email 'your password bypass has been sent to phone' notice I have no service.
8:35pm - I get into the chat box at Nexo, they lock my account in 5 mins. No questions asked.
8:40pm - I change email password, get message 'your phone has been used to bypass your password'.
8:41pm - I attempt to log into to coinbase - 'your account no longer exists' - no account is associated with that email.
8:55pm - I use my spare phone, contact phone carrier, they disconnect the compromised line.
9pm - I call coinbase, get immediately disconnect - it is LITERALLY IMPOSSIBLE to 'lock' your account with coinbase once a hacker gets your SIM - coinbase will immediately hangup.
9:25pm - Coinbase redirects to 'chat bot' - chat bot will NOT ALLOW you to lock your account. There is NO WAY to lock an account once the hacker has your phone and changes the email associated with the account.
9:45pm - Call coinbase repeatedly, immediately disconnected every time, no way to speak with customer service. Chat box offers no help. No way to send a message to coinbase to lock an account from a secondary phone or using the internet.
10pm - Use second phone to create a new (duplicate) coinbase account. Get through to customer service. This takes about an hour.
11pm - Customer service does not know English what so ever. Repeatedly emphasize the email associated with the account has been changed, customer service says they can not pull up your account using any other means but the email, if I do not know what email address the hacker changed it to, they will not pull up my account or lock it.
12:15am - After 3 hours of frantically trying to contact coinbase, I finally get a customer service rep to find the account using the email address before the hacker changed it. Customer service rep assures me of the balance, approximately where I left it, with 24 hour white listing, no funds withdrawn, and says it is locked. I ask for an email confirming this, customer service rep says coinbase will not allow them to send confirmation emails, but that it is locked, and the balance is approximately where I left it, and confirms an asset (coin) is still in the account of the balance I state. Rep says not to call back, as that will 'delay the process'.
Sunday, Oct 30th, 11am - I contact phone carrier. I SIM swap back (takes 5 minutes, no id verified), I contact phone carrier fraud department. I filed a police report. This takes approximately 3 hours, including multiple car trips etc.., still faster than coinbase customer service.
Sunday, Oct 30th - I call back using the original phone. Takes another 3 hours. This time the rep is much, much more incompetent. Rep eventually confirms that the account exists, and that it is locked, and not to call back.
Tuesday, Nov 1st - I call again, the rep will no longer confirm any amount of the balance, but says it is locked. Call takes another 3 hours. Says to not call back.
Thursday, Nov 3rd - I call again, another 3 hours, Same message.
Saturday, Nov 5th - I get my first email from Coinbase Security. 'Your account has been locked, however we continued to allow the attacker trade on your account. These trades are 'irreversible'. If you agree, we will delete all records and send you anything that still remains in the account.'
How much, and what asset is left in the account is left to your imagination..
Sunday 3am, Nov 6th - I reply, send me all details of all trades. I want the new account I HAD to create to contact customer service deleted, and I want the old account reactivated. I do NOT want coinbase to delete all records of what happened. I want coinbase to use their fraud insurance to restore my balance / positions. I notified coinbase within 3 hours of the incident, after REPEATEDLY getting hung up by customer service and a chat bot that goes no where (I would have notified them within 40 mins if they had any competent service).
Monday, Nov 7th - No response from coinbase. I get through to customer service rep, I ask her to confirm is it closer to $0 or $165,000. She confirms it is 'closer' to $165,000. This makes me feel a little better.
Tuesday, Nov 8th (today) - No response from coinbase.
The hack occurred Oct 29th, at 8pm. I attempt to contact coinbase within 40 minutes, but takes 3 hours as customer service does not speak English.
Coinbase has continued to allow the hacker access to my account, to make trades, over the last 230 hours. It took approximately 190 hours to receive my first message from coinbase security.
Coinbase repeatedly instructs you not to call back, will not send you confirmation emails, and will not reverse or tell you the email address the hacker changes your account to. Coinbase will not look up your account using any other method but email address.
How to prevent this type of attack.
1) You MUST - DELETE - your phone from any associated email address. You can not merely setup Google 2FA (which you SHOULD do) but you must also DELETE the phone COMPLETELY.
2) You must report Fraud to the Phone carrier service. This will take approximately 3 hours. Report fraud even if you have not experienced fraud. They CAN do a SIM block - but this is not an option through the menus, regular reps will be unaware of this option. My phone is currently SIM blocked for '10 years' (I can still transfer my SIM to a new phone, but I can't create a new SIM from a lost phone without excessive hassle, so they say).
3) Close your coinbase account. Coinbase will always allow you to use your phone as a password bypass tool, even if you have 2FA setup. Customer service reps are too incompetent to prevent this, and maybe even policy demands it. Close out any email that won't let you DELETE your phone number completely. Remember, someone in 'Israel' can steal your phone in a minute, take all your cloud storage and crypto in 2 mins, and coinbase will even let them change your account email address, without ANY of these creating a red flag - that they will actually respond to. It's more like a 'I will allow it' flag.
So that is my experience so far, I'll update this / make a new post as I get more information.. I will also probably be contacting a lawyer, eventually, after I see what they have done. Any reputable Law Firms, suitable for suing coinbase / arbitration, please feel free to leave a comment. I won't be responding to 'reddit instant message' spam.
Hope you guys have better luck. What would you do to if your bank took 230+ hours to respond to a hacker accessing your account, and continued to allow them to drain it while earning commissions in the process? Would you consider them an assessor to grand theft?
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments