Coinbase has become the world’s most popular exchange for buying and selling digital cryptocurrencies. It has also become the most popular exchange for hackers and scammers to compromse and empty investors digital currency wallets.
If your Coinbase account gets hacked and your cryptocurrency is stolen off Coinbase, it important to understand that it’s gone forever. Coinbase will not give you your money back, specifically if your Coinbase account gets compromised through a SIM swap scam through your cell phone carrier.They say that they are not responsible for a breach caused by a third party such as your cell phone carrier. Although they have “insurance”, it’s only applicable if Coinbase’s main site gets hacked, not your specific account.
SIM swap scams occur when a scammer pretends to be a legitimate customer of the cell phone service carrier in order to obtain a new SIM card. The new SIM card is connected to the real customer’s phone number without the real customer’s knowledge. Once the new SIM card is activated, the scammer uses the new SIM card on a phone under the scammer’s control. As the scammer now has control of the real customer’s phone number, all of the real customer’s phone calls, text messages, and data are directed to the phone under the scammer’s control.
“It has become harder and harder for people to protect their online accounts, given the amount of personal information that has become available to bad actors,” Coinbase chief information security officer Philip Martin acknowledged.
How to Secure Your Coinbase Accounts
Numerous Coinbase accounts get compromised every day, according to Reddit forum r/CoinBase. However, Coinbase says, unauthorized transactions are rare. In 2020, just 0.004% of customers experienced transactions where their email accounts were taken over, SIM swaps attacks occurred on their cellphones, or other personal information unrelated to Coinbase was breached, according to Coinbase.
To improve the security on your Coinbase accounts, the Reddit forum recommends that you should not use the same email everywhere especially for your bank and crypto accounts, and don’t use SMS 2 factor authenication. Your mobile phone SMS 2 factor authenicadtion is not secure.
Once a scammer discover your phone number, all he or she has to do is call his inside accomplice at your phone carrier and get your number swapped to his sim card. To protect your account, experts recommend:
- Don’t use phone texting SMS 2 factor authentication, use Authy or get a physical key.
- Don’t use the same email everywhere. Have a junk email, then a credit card email, then a bank account email. Make them all different.
- Get a password manager like KeePass, Kaspersky, or 1Password. If you can remember your password then it’s not a good password. However, you can have the strongest password in the world, but if you have SMS 2 factor authentication enabled the scammer can reset your password by receiving your text while he has control of your phone number.
Coinbase does offer physical USB security key capability for added account security, but the measure requires users to acquire additional hardware. Security experts say physical USB security keys would protect users from becoming victims of account hacks that occur through SIM swaps, which are occurring with increasing frequency.
On Coinbase’s website, customers should heed the company’s warning notes, “Please be aware that we currently do not offer any phone support with a live agent. Moreover, Coinbase does not respond timely to emails you send them, if you’re compromised. They don’t have customer support via phone or live chat.
9/ Learn how to protect your online accounts here: https://t.co/yg3Pd4YpYo
— Coinbase 🛡️ (@coinbase) August 19, 2021
References:
- https://www.reddit.com/r/CoinBase/comments/gdcgd9/coinbase_account_hacked/
- https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself
- https://finance.yahoo.com/news/coinbase-hacked-accounts-get-no-justice-from-horrible-us-laws-fintech-lawyer-113520348.html