Sunday, February 14, 2021

Coinbase Account Compromised WHILE IN ACCOUNT (Others as well) - Funds transferred soon as I logged in via 2FA. Coinbase support has gone silent. Detailed outline in post.

This is a very alarming situation and a serious warning to others that may be at risk, which still hasn't been resolved by Coinbase and appears to have been ignored now:

I, along with at least one other, have had our Coinbase accounts compromised as soon as we logged into the site. Funds were instantly transferred to other wallets. Unfortunately, after my initial post here (link below), Coinbase has ignored all my emails since I started to probe further.

Here is the sequence of events:

On February 1st at 9:56 PST I logged into Coinbase and verified my login via 2FA. After a few seconds, I noticed my balance was decreasing. I refreshed, assuming it was a glitch. After refreshing again, I noticed it continued to decrease. I quickly realized that there were outbound transfers, which were confirmed by emails. I quickly changed my password, logged out, and called the Coinbase number to disable my account.

I viewed my email logs and saw that Coinbase had sent me 3 separate transaction emails:

1st time-stamped 10:00 PST - Sending ETH balance to a wallet.
2nd time-stamped 10:01 PST - Sending LINK balance to same ETH wallet.
3rd time-stamped at 10:06 PST - Sending BTC balance to a wallet.

I emailed Coinbase support (see original thread link) and they started to reply with the standard, basic emails directing me to change my password. The initial 2-3 replies were all within a 24-hour time frame.

I tracked the wallet addresses that the funds were transferred to; both the ETH and BTC wallets showed they were created on Jan 22nd. The BTC wallet on BitcoinWhosWho had another comment from a user which stated:

Scam Name

Somehow got my funds after i deposited them into my Coinbase wallet.
Jan 29th, 21


While waiting for Coinbase replies, I had a computer forensic professional review my computer for suspicious activity/logs, which were negative.

When Coinbase did reply, they sent the activity log, which showed the transactions were actually not minutes apart, but all appeared to be instantaneous. Their logs also confirmed that the transfers were made from my computer/IP address. The logs provided showed (amounts and wallet IDs x'd out for privacy):

2021-02-01 9:56 AM PST: a signin was completed
2021-02-01 9:56 AM PST: 2FA Authenticator security code was confirmed and verified
2021-02-01 9:56 AM PST: xxxx BTC was sent an external account at xxxxxxxxx
2021-02-01 9:56 AM PST: xxxxx LINK was sent an external account at xxxxxx
2021-02-01 9:56 AM PST: xxxxx ETH was sent an external account at xxxxx
2021-02-01 10:00 AM PST: Send money notification email sent to sender

This was the last update that Coinbase has provided me. My requests have been ignored since I requested details on the timestamps, inquiring whether they have the exact second each activity was made, as it's nearly impossible to manually sign in, open 2FA, confirm the 2FA code, open 3 separate crypto wallets and transfer to external wallets, all within 60 seconds (9:56 PST).

I've also been ignored when inquiring whether there are any open APIs enabled on my account that may have triggered some sort of automated transfer upon login. These requests have gone ignored and I've been told to log in from a new computer, reset my computer, and then I can see any APIs enabled... which means remaining funds that I was in the process of transferring into the account before I disabled it would now trigger and send as well, putting me in a lose/lose spot.

To confirm, I've never spoken on the phone with anybody pretending to be Coinbase, nor have I given my credentials to anyone else (nor did anyone else have access to my PC). The logs confirm they came from my PC/IP immediately after logging in, which appears to be the same as the other user's issue.

My account is still disabled with no responses from Coinbase. Please be warned that this could happen to you and I'm still trying to get answers and figure out what triggered this, given the sequence and the wallets the funds were sent to still appear to be hitting other accounts.
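
The timing pattern in the activity log quoted above (a sign-in, a 2FA confirmation and sends of three different assets all stamped 9:56) is the kind of sequence a velocity rule can flag. The following is an added example, not part of the original post and not Coinbase's logic; the one-minute window and the two-asset threshold are assumptions chosen for illustration, and the sample log is constructed in the same shape as the quoted one.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the same shape as the activity log quoted in the post
# (amounts and addresses are placeholders, as in the post).
SAMPLE_LOG = """\
2021-02-01 9:56 AM PST: a signin was completed
2021-02-01 9:56 AM PST: 2FA Authenticator security code was confirmed and verified
2021-02-01 9:56 AM PST: xxxx BTC was sent an external account at xxxxxxxxx
2021-02-01 9:56 AM PST: xxxxx LINK was sent an external account at xxxxxx
2021-02-01 9:56 AM PST: xxxxx ETH was sent an external account at xxxxx
2021-02-01 10:00 AM PST: Send money notification email sent to sender
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{1,2}:\d{2} [AP]M) PST: (.+)$")
SEND_RE = re.compile(r"^\S+ ([A-Z]{2,6}) was sent")  # "<amount> <ASSET> was sent ..."

def parse(log_text):
    """Return (timestamp, message) tuples; the log only has minute resolution."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %I:%M %p")
            events.append((ts, m.group(2)))
    return events

def flag_rapid_drain(events, window=timedelta(minutes=1), min_assets=2):
    """Flag sign-ins followed, inside `window`, by sends of >= min_assets distinct assets."""
    alerts = []
    for ts, msg in events:
        if "signin was completed" not in msg:
            continue
        assets = []
        for ts2, msg2 in events:
            m = SEND_RE.match(msg2)
            if m and timedelta(0) <= ts2 - ts < window:
                assets.append(m.group(1))
        if len(set(assets)) >= min_assets:
            alerts.append({"signin": ts, "assets": assets})
    return alerts

if __name__ == "__main__":
    for alert in flag_rapid_drain(parse(SAMPLE_LOG)):
        print("sign-in", alert["signin"], "followed within a minute by sends of", alert["assets"])
```

Because the log is stamped only to the minute, the rule cannot tell whether the sends were one second or fifty-nine seconds after sign-in, which is why second-level timestamps matter for separating scripted from manual activity.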
