Crypto Nightmare: Coinbase Users Phished and Robbed

CNBC released reporting about Coinbase users falling victim to phishing attacks and subsequently having their cryptocurrency accounts drained.

Image from CNBC’s Crypto Nightmare reporting

Despite the headline of the reporting “Crypto Nightmare: Hackers hacking Coinbase”; no attack on Coinbase itself is included in the reporting. What actually happened was a cryptocurrency investor with a very sizable and valuable cryptocurrency portfolio (assets valued at over $1,000,000 USD) fell victim to a common SMS phishing attack. Within minutes the victim reports bitcoin valued at over $700,000 USD was transferred from his account.

From a basic personal cyber security perspective the victim of the attack in the reporting seemed to know that he should not have selected the link that appeared via SMS. The victim’s complaint was that he or his wife should have been able to call Coinbase and speak with someone there immediately to thwart or reverse the attack. But at the time Coinbase did not offer customer support over the telephone; only by email.

Now in the reporting the victim says that friends suggested that he move some of the crypto assets to cold storage. Unless you are moving monies in or out of crypto currency is it reasonable to leave assets valued at more than $1,000,000 USD in a Coinbase account? Moving crypto assets to cold storage on a Ledger or Trezor hardware wallet is not without some risk (that the USB device could fail over time). The folks at Coinbase have published some pretty complete documentation on how to secure your account and protect your assets (don’t know when this was updated). And Coinbase does now offer a Vault capability that according to the documentation requires multiple email exchanges before assets would be transferred.