Also, these complaints have reportedly been piling up since last year. One user notably informed the SEC back in November 2017 that they had deposited 10 bitcoins in their Coinbase account, and were then locked out from their account. The customer stated:
“I am prevented from selling, buying, transferring or accessing my property and also cutoff from all transaction history and other information. After repeated prompting via emails and phone calls, Coinbase advised me that I am locked out of my account as a result of a security software error on their end and that they would look into it. That was a month ago.”
The customer also revealed that Coinbase was not responding to their complaints, and seemed to be focusing a lot more on expanding their operations instead of properly serving their existing customers.
When contacted to address the serious issues, a Coinbase representative said that due to a dramatic rise in the popularity of cryptocurrencies, the exchange has been working really hard to accommodate and better serve their growing number of customers. The representative noted that in 2017 there was a “profound uptick in mainstream awareness and growth” of digital currencies. This, the spokesperson claims led to a “40x” increase in demand for the company’s services, while also experiencing a “295 percent” increase in daily transactions during November and December of 2017.
Complaints Piling Up Since Last Year
It’s true that the cryptocurrency market reached record-level highs toward the end of last year, and it is understandable to be overwhelmed by such a dramatic rise in demand.
However, the exchange seems to be acting quite irresponsibly to meet such a challenge.
Once the user enters the 2FA code into the fake website, the attacker immediately receives it and logs into the legitimate account, thus gaining account control.
Diverting Funds to Threat Actors
Once the threat actor has access to the account, he or she proceeds to divert the user’s funds to the aforementioned network of accounts via a multitude of transactions in an effort to evade detection or raise suspicious.
“These funds are also often embezzled through unregulated illicit online crypto services, like cryptocurrency casinos, betting applications, and illegal online marketplaces,” researchers added.
Meanwhile, at this point the unwitting victim will see a message informing them that his or her account has been locked or restricted–not unlike the initial phishing email that prompted the entire malicious transaction.
“Our estimates place a majority of the pages at being available on the internet for less than two hours,” which in some cases did not even allow PIXM researchers to perform desired forensics once they were alerted to an attack.
This, among other techniques like context awareness and 2-factor relay, allow attackers “to keep prying eyes from digging into their phishing infrastructure,” researchers noted.
Context awareness in particular is a stealthy tactic because, like short-lived domains, it makes it difficult for security researchers to follow-up after the fact by obfuscating phishing pages, according to PIXM.
This tactic allows adversaries to know either the IP, CIDR Range, or Geo-Location from which they anticipate their target or targets to be connecting.
Cryptocurrency exchange Coinbase is considered by many to be one of the most trusted and widely used trading platforms. Currently, it only supports Bitcoin, Ether, Litecoin, and Bitcoin Cash and is quite selective when it comes to supporting additional cryptocurrencies on its exchange. Recently though, Coinbase has been heavily criticized by its customers.
Notably, 134 pages filled with customer complaints have been sent to the US Securities and Exchange Commission (SEC) and the California Department of Business Oversight.
Information obtained from a Freedom of Information Act (FOIA) process has revealed a number of disconcerting complaints. One customer complaint reads:
“I have sent 17,023.00 from my Coinbase account to another Coinbase account on 12.21.2017. The other Coinbase account never received the funds as of 1/16/2018.
However, while Coinbase does not appear to have been responsible for the initial data leak, which enabled the first stage of the attack, a crucial flaw in its authentication process was to blame for the unauthorized account access.
“Even with the information described above, additional authentication is required in order to access your Coinbase account,” it continued.
“However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”
Coinbase, the world’s second-largest cryptocurrency exchange with tens of millions of global users, said it would reimburse customers the full value of their losses.
However, after going through many of the complaints, it is evident that there have been some very strong allegations made against the San Francisco based exchange. One customer has said that they have lost $5,000 due to some system error. The user even alleged that, “I believe the company is holding my funds to make money on top of my investment.” Moreover, many other Coinbase users claim that their funds are purposely being held by the exchange for unknown reasons.
Coinbase “Acting Criminally”
One of the most serious allegations against Coinbase is that the company has been “acting criminally” while another customer claims that the exchange has “stolen” most of their “life savings.” Many users also say that they have contacted Coinbase numerous times in order to talk to a company representative, however, they have only gotten back generic form emails.
Threat actors are making their way around two-factor authentication (2FA) and using other clever evasion tactics in a recently observed phishing campaign aimed at taking over Coinbase accounts to defraud users of their crypto balances.
Attackers are using emails that spoofed the popular cryptocurrency exchange to trick users into logging into their accounts so they could gain access to them and steal victim funds, researchers from PIXM Software have found.
“They will typically distribute these funds through a network of ‘burner’ accounts in an automated fashion via hundreds or thousands of transactions, in an effort to obfuscate the original wallet from their destination wallet,” the PIXM Threat Research Team explained in a blog post published Thursday. Coinbase is a publicly traded cryptocurrency exchange platform that’s been around since 2012.
US cryptocurrency exchange Coinbase is facing a backlash from its users after notifying them that at least 6,000 customers had their funds stolen by hackers.
The “third-party campaign” took place between March and May 20, 2021.
“In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox,” the firm explained in a breach notification letter.
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.
I have contacted Coinbase over 7 times and all they say is that they have so many issues, they will get back to me and it is been a month.”Coinbase customer
Meanwhile, another unhappy customer notes:
“Coinbase has been in possession of my funds ($21,000) since August 30th, 2017. They have effectively stolen my money at this point. They have no way to reach them by phone, and they are ignoring my repeated attempts to resolve this matter.”
Gross Mismanagement of User Funds
After reviewing most of the complaints, Mashable reports that Coinbase appears to be struggling to keep up with the increasing demands of its existing and new users.
The names of the customers who filed the complaints and their other personal details have reportedly been removed by the SEC from the complaint documents provided to Mashable.