Bitcoin Forum

I am posting this in case other people may confront the same situation and could possible avoid it. Also check out what a role coinbase is playing here.

I have a bitcoin account on coinbase and was not able to login however I tried. I got my password correct, but coinbase did not allow login by saying that it was a new device. Coinbase just kept sending me an email for me to verify the new device through the link. Nothing just happens after that and it was a loop of communications leading to nowhere. I tried the verification process by pretending that I do not have the 2-factor verification and try to provide my driver license to verify my account. It accepted my information, but still no result after two week's waiting.

There was no phone number that I could see in this whole process. Today, I tried googling "coinbase phone number". It popped up with two numbers. The first one was authentic, but it will ask you if your account is compromised. If yes press 1. My account was ok at that time and I kept waiting. Then the voice said the volume is high and hanged me off not allowing me to continue to wait. After several times of calling the first number without success, I continued to try the second number (888-4551155) and it went through after several minute's wait.

So I called to solve the problem. The tricky part is that they were able to help me log in! I have NO IDEA how they are able to log in! We were back to the page where the coinbase said that I was a new device and need to verify through email. Then the hackers had some code that claimed to be the "coinbase secrete seed". I do not know why they have such code and why this code could help me log in. I have been so desperate in the recent months and was so happy that finally I got into the system and see my account. Then they took control of the account and sent my coins to their own address. The transaction could be seen here. https://live.blockcypher.com/btc/tx/f0ae7669a0115b53129657d4a2b0ca2f9c730b0835e4848e8cea7743ffb1f7e8/ The bitcoin address that they used was 19n12cDwyfmf6ZpjxGJVvRuZL9BEPdq6Xy

I know I am stupid to be scammed, but there is one question I have no answer: while I was not able to log into coinbase myself by trying all the options that is provided by coinbase, the hacker were able to log in by using some secrete seed. I do not know what that is, but he should have some partial security information about coinbase. I called coinbase about this, it seems they are redundant to take responsibility for the fact that they are allowing other people to help me login. The funny thing is that when I called them, they ask me to press button 1 if you think your account has been compromised. So this time of course I pushed 1 and finally get through after one hour wait on line. Now the true customer service picked up, and after checking my balance to be zero and just asked me: "do you want to close your account?". They do not really care to know what happened!

Hope they can investigate this, because the hackers will do it again. If they can log in coinbase for me, they can do it again and again. When you google "coinbase phone number", their number is still showing up.





===========================================================================================
======================================My Reply on thread #46======================================
===========================================================================================

Thank you to all you guys for the comforting, suggestions and sharing your thoughts. Obviously part of the reason for this to happen is that I am not cautious enough to be alerted about the fake coinbase support. My experience with coinbase was so desperate over the past two years with these email loop and the call to the real coinbase support being hanged off by them for so many times.

There is one big questions still remains unanswered: how could these guys log in? My conjecture is that these guys should have access to some information of coinbase server. Otherwise, it just does not make any sense to me. Some mentioned the fake website that the hackers were using, yet that still does not answer the question. Right now, coinbase is still kicking back the standard information like "the transaction of bitcoin is not reversible", "the coinbase support will never ...", etc. I think it is in everyone's interest to know the answer for this. If you agree with this, please support by replying this thread so that they may finally pay attention and allocate some resource to investigate the possible bug.

Below are some extra information of myself in response to most frequently mentioned comments based on the replies.
1. Never store the bitcoin on a exchange.
I did bought a hard wallet, but I already lost access to my account on coinbase at that time point. I only got the change to log in for one time last Wed and take a peak of my account for half hours before the bitcoins are all gone.

2. I should not give away information to the hackers.
I am not sure if this is the right way to say it or not because I did not give these information to them. I typed the information in my own computer and got stuck at the page telling me about the new device issue. They stepped in and helped me log in. More importantly, to me, they were customer support to me. Especially the moment when you helped me log in, I just taking him to be my life saver rather than a threat. Most importantly, at the worst case scenario that I give away all my information to them: my driver license, my ssn, my birth information, user name & password, my phone in their hand, etc. The question still remains: How could they log in?

3. How did I still keep the cool.
It is not because I am rich. This 7 bitcoins is a huge amount for me. But getting freaked out does not make things any better, does it? I have been facing big losses (not necessarily in terms of money) for enough number of times to learned to calm down and work on the situation at the current moment instead of the past.

Again, thanks for reading. If you have further comments, suggestions and questions, feel free to add them to the thread.

Geez these hacks are becoming a daily occuerance now. I am really sorry for your loss. I hope Coinbase will investigate this. This is stealing from their customers, its not fair and its not right. Let's take precautions people, these hackers are here to take our hard earned monies.

Hackers are now very knowledgeable and skilled nowadays. My myetherwaller was hacked also just weeks ago and the hacker took my altcoins. They took my ethereum, ebtc, ITT and BM chain. I lost 500$ in that day, thus I have to think of another way to lessen the risk of hacking. There are no longer safe haven for wallets this days and so we need to do some preemptive measures to avoid hacking.

First of all you shouldn't be holding coins on any exchange site. I am very confused as to what actually happened, I can't believe they were not able to help you out. ( I have always had good customer support )


So when they would email you and tell you to verify your account, it would still not allow you to log in? Or do you not have access to the email that they were sending the message too?


The hackers were able to help you get onto the account? And then they compromised it or what?


Really strange that the hackers were still able to get onto your account. I think information might be hidden, did you do everything to secure your account? Maybe the hackers called your phone carrier and had them reset your Auth or something? What carrier do you use?

I made a youtube video on security, if you are interested you might want to review it. ( Maybe you are missing something in terms of security )

video : https://www.youtube.com/watch?v=c_e9zKlqngA&t=0s

Hackers are getting smarter. Lets not forget that people working at Coinbase can also be doing scams and hacks on the side without coinbases knowledge. It seems like it was an inside job. Sorry for your loss. 35K  :(

Sorry for the loss, you should have avoided holding such a huge amount of coin in online exchanges, this days those exchanges are prone to hackers, maybe an insider with coinbase connived with an hacker to perpetuate the hacking of your account, because I am very sure you must secured your account perfectly.

Hmm I have no idea how the hackers can login with this secret seed. I think this is the case wherein the whole coinbase system is already compromised. Or maybe you got phished or something because I don't really believed this secret seed or something. I think you need to call them up again and see what happens. It's really sad to see members here's lost their precious bitcoin to hackers. Phished or its a inside job. How about the second number you called btw? Is this a official coinbase number though? Regardless, I think Coinbase should deemed this as real important matter to investigate because its a lot of bitcoins.

Sorry for your loss OP.

I think he raised a very valid point, google phone number of Coinbase will come back a fake one. And the fake one will steal your coin.

Thanks for the heads up, but I am very sorry for your big loss. As any of us here might be shouting already for that kind of amount of loss, but nevertheless we readers and the author should learn from this incident. We might be careless for a while but the truth of the matter is hackers are just waiting for you to make your bad move so be vigilant as always like you depend your life on your coins for we don't know what will be the value of these coins few years from the time of this writing. I really hope that it won't happen to me and to any of my friends and family for it is very hard to establish big amount of bitcoin right now.

I'm very sorry this happened to you. Can you share some more details of what happened?

When you were unable to log in and they sent the verification e-mail, did you actually receive that e-mail with verification link and click the link? Did you share your screen (webex or skype or similar) with the "support" people who helped you finally log in? These are key details. I think I almost understand how you were hacked, but there's not enough detail in your post to figure it out completely.

I kind of don't understand completely. The second number you called were the hackers? If so, then that's incredibly meticulous of them. And scary. They were able to take advantage of coinbase's mediocre support for phishing. I've heard plenty of stories and techniques, but this is new to me. I probably would have called the second number too had I been in a similar situation. This just goes to show that you can never be too careful.

This also shows that if you don't have the private key to your coins, you don't own them. I don't now why people keep using coinbase despite all the horror stories. If you want a free, secure wallet, use Electrum. It's just as simple in my experience.

i think this guy got his host file hacked and he was trying to log in to a pishing coinbase website is the only thing that makes sense to me

Coinbase isn't a good online wallet in my opinion, I also have it but ever since I got an email from coinbase that I have login (where that day I didn't access my wallet) I didn't trust it anymore and never sent BTC to coinbase. Although I never access my wallet in coinbase again, the strange email keeps coming! ha ha. And what I worry about that happens to you, and I don't believe they will investigate of what happened to you. But I'm sorry though nothing can be done.

Feel sorry for your loss. that's a lot of money. I would suggest to log a complaint against coinbase at
https://www.complaintsboard.com/coinbase-b125588. Ofcourse they are not legally binding to repay you but at least others would know and maybe they will react on the fear of losing reputation

That is very unfortunate for you. Big loss, that is why it is important to not keep such big values on online and third party platforms. You are literally at their sake, which is never good.


This was kind of inevitable with ever increasing worth of bitcoin. And its gonna continue to be like that too.

Any new development? This is huge loss. I am very sorry for you.

Coinbase sucks, has very low support. I don't know people still use it.

They might have tried to go after your SIM card or something along those lines, make a copy and then steal your information through whatever other means there are. I know that there were some people on YouTube who had their accounts hacked due a similar scheme, which basically involved getting their SIM card, contacting Youtube and resetting their information, which provided hackers access. This is probably isn't what happened to you, but it might be some interesting food for thought. Maybe contact your cell provider about not giving out information w/o some approval.

Sorry for the loss tho... But your story seems to be somehow... First of all that you got two numbers. First one went through and then nothing worked or so and that the second one worked though it made your account hacked. Now you didn't say if you got this phone numbers from maybe coinbase official blog or CS page.. If you didn't get the numbers from any of these places am sorry to say but you caused it. You caused your loss yourself for trusting phone numbers from illegal sources to help access an account with such amount of coins worth thousands of dollars.. Hope y'all learnt from this

Thats quiet odd for them in able for you to help on accessing your account and the only thing that they are waiting is the email verification access which they lure you in to give them the complete access into the account. Hackers are really skilled enough to do such thing as long they can stole money from other and the heck 7 btc is already a huge amounts.Its sad to know but sorry for your loss man those bitcoins wont really be retrieve and even coinbase dont have the capability on doing such thing.

This.

Don't use Google!

The ads a the top tend to be phishing sites, and in the search results they tend to also list scam sites. You are safer bookmarking login urls, rather than googling and automatically clicking what is at the top (which is sometimes the site you want and sometimes a phoshing ad).

Coinbase is also at fault - they should have listed their phone number on their website, so OP didn't have to google.

Very sorry for your loss. Is there any update? Did you manage to speak to real coinbase support yet?

I am sorry to hear about your loss OP! It was a big amount in my country's local currency. A lot of people can buy a small house with 7 bitcoins in my country. However, you shouldn't have use google any other search engine for coinbase phone number, because their website shows no phone number so I assume they don't have any telephone support system available for the customers. So probably you have been scammed by some hackers and not coinbase. Though it was the fault of coinbase that they don't resolve your log in issue for several weeks. This kind of incidents actually discourage me to use online wallet service. Please make a separate thread in "scam acquisitions" section with the phone number duly mentioned. It may save someone else from being scammed by the same hacker who is enjoying with un-rightfully possessed money.

if this was how OP got socially engineered, that's interesting. it's true that people (including myself) use the top search results to quickly confirm we are entering the correct, legitimate site. i assume the same goes for phone numbers. i google restaurants all the time and order takeout/delivery the same way. if the #2 result is a fake number, we should collectively report the number to google.

the unfortunate thing is that coinbase didn't even have phone support until very recently (the last month or two). so if this is how OP was compromised, this might have been avoided if not for the timing.


it sounds like he was probably socially engineered into giving up his login/password to the hackers. since he had 2FA on the account, i believe this is the "secret seed" he was referring to. this is a term that coinbase actually uses to refer to the 2FA token used to generate TOTP codes: https://support.coinbase.com/customer/en/portal/articles/2820377-2-factor-authentication-2fa-faq

it sounds like the hackers (on the phone with the OP) got him to verify the hackers' device through email while they were on the phone. it's not 100% clear from the OP, but it seems like he probably handed them his login/password, verified their device for them, and gave them his 2FA token. that's everything they needed to compromise his account.

I am very sorry to hear this but that is also why i would recommend a very good wallet like blockchain it is unhackable if you put all the security on even your phone this way a hacker needs to hack your account and phone to actually get to your bircoins.

if you forget what exactly https://www.myetherwallet.com/ address you probably been victim of phishing attack targeting myetherwallet.com
once you uploaded your key on to the phishing site your account can be taken over, you better just use etherscan to check for balance and all and use metamask to do transfer, if you need to use myetherwallet just use it to check balance and never upload anything or give your private key there, myetherwallet probably by now the most phished site on the internet right now, so many people lost money due to attack over there

I am very sorry to hear about your loss. I currently have all of my btc in a coinbase wallet. They announced that the fork would be automatic is the reason why. I will got back with trezor or ledger after fork because of this post.

This is very eye opening. Most of my coins are in offline wallet but I have a small amount in coinbase. Im certainly going to move those out of coinbase after reading this.

Yeah this looks like a phishing attack. But where is the fake Coinbase site at? Or he never accessed a fake site and it was just him calling a phone number and telling them his password and user?

If there was a phone call then he could ask the police to look it up. Phone calls are not that easy to make anonymously, maybe there is a case here.

Also he must have gotten the fake phone umber from somewhere, so where is the website that listed the fake phone number?

These are the 2 things that could lead to an investigation. The BTC transaction is pretty useless, it's too anonymous to trace the money unless the thief are stupid enough to not mix the coins, then maybe you can trace the coins back to some exchange.

Gosh, I', sorry for your loss! But Karma will return you everything it took
Still you need to contact the real Coinbase

Nearly every day we hear more and more stories like this. I'm sorry for your loss op. We all need to be vigilant towards anything like this.

Yeah you should move it or else say goodbye to your hard earned money. This is definitely an inside job in my own opinion. We should not do business with them anymore.

Sorry for your loss.
I am not a big fan of coinbase either. Their 2 FA was not working for me for a while when they did Authy.
I think they are somewhere responsible, because they are too weak, zero support.

this is why I don't use coinbase for a long time ago since I can not found their phone number in their website because one good company will use their real identity to make convince their customer. beside that, if something bad is happen, the customer can contact them with easy without having a problem. but unfortunately, many company and not just in bitcoin only, don't realize this and they don't care with their customer so when there is a problem, they seems take their hands off from the problem.

Hackers are originally skillful and smart dude.
They are always using social engineering techniques wxhixh far more effective than the technology hacking tools.
The safest thing to do is to secure your bitcoin on your own having your private key.

Its scary. Nowadays hackers are targetting exchanges to hack coins.It is getting worst nowadays.Hope exchanges will update their versions frequently so that it will be more secured.

Hackers are niw very knowledgeable and skilled. My MEW was hacked too 3 weeks ago i lost almost all of my token. Since that i always use offline wallet it's more safety than online wallet i thought just don't share ur private key.

But if they actually listed their number in a reasonable, easy to find place, people might actually call it, *gasp* ;D

(Google is notorious for this btw themselves; try to actually reach a human at Google Adwords. There is a number, yes, but its bullshit. It takes you to what is essentially a machine reading off the same help article you just read before you picked up the phone :)

This was a social engineering attack, you got out clevered. I had to reread the OP a few times to understand what went down there, and a few of the comments. All the anitvirus, air gaps and armed guards can't stop shit like this. I think they were able to access your account because they had your credentials, as you thought it was a legit support rep you were talking too). Be smart; if you ever have suspect login issues, contact support via email immediately. Email is free, and they will lock your account or be liable themselves. Its a pain to unlock when you have to do this (you will have to submit veri info), but the alternative is sooo much worse ;)

Every time Bitcoin touches a new high the story of someone being scammed comes out, it's not really surprising, I had my account on coinbase.com to, but then before the fork I learned how many lost thier coins on exchanges and I decided to move out immediately, so I downloaded electrum and it's simply the best, they don't send mails, private key, plus seed you can't ask for more. I am sorry for your loss, but download electrum and this time be safe. And make sure you clean your computer or mobile from where you clicked that mail.

The more of our lives digital technology the more we become vulnerable. I often hear that Android was hacked. Probably there are problems with the security devices which use the Android OS. I heard that during the war in Ukraine via Android Ukrainians figured their location, and Russians used these coordinates to fire. Why hackers can't get around so 2 factor authentication?

Any popular means of storage are not safe, you need to understand this.

I am sorry to hear about your losses, 7 BTC is a not a small amount. I suggest you not to keep BTC or altcoins that you are not trading in exchanges such as Coinbase, Bittrex and etc. Create a paper wallet or get a hardware wallet which cost less than $100 to safeguard your investments.

Just FYI. I had trouble logging into my account, 2FA kept failing. Turned out my phone was set to the wrong time zone (due to an Android update, I suspect). I hope this helps someone else in this kind of situation.

it sounds like there probably wasn't a fake website set up, and that he just gave all his information to them out of desperation and belief that he was on the phone with coinbase support. it's still not clear. but if they set up a fake phone number, it's not difficult to see them setting up a fake website. it could have been set up as a simple support portal (e.g. with zendesk or kayako), like some exchanges have been known to do.


it's pretty easy these days. i can mosey on over to the services or digital goods forums and get some phone numbers set up right now, paid for with bitcoin. burners/sim cards in mail if nothing better -- difficult case to pursue across borders for this amount of money.


apparently it was listed on google.

lesson learned: you should never give passwords/secret tokens to customer support people. exchanges will never ask for this. these are always social engineering attacks.

You should never keep your money on exchanges they are getting pathetic day by day. Did you try to tell them about this situation if they value their customer they might pay you some money which you lost because problem on their site.

You did a good thing by posting it here as lots of people will learn from this and they will know that coinbase doesn't care about their customer at all tough luck mate.

Thank you to all you guys for the comforting, suggestions and sharing your thoughts. Obviously part of the reason for this to happen is that I am not cautious enough to be alerted about the fake coinbase support. My experience with coinbase was so desperate over the past two years with these email loop and the call to the real coinbase support being hanged off by them for so many times.

There is one big questions still remains unanswered: how could these guys log in? My conjecture is that these guys should have access to some information of coinbase server. Otherwise, it just does not make any sense to me. Some mentioned the fake website that the hackers were using, yet that still does not answer the question. Right now, coinbase is still kicking back the standard information like "the transaction of bitcoin is not reversible", "the coinbase support will never ...", etc. I think it is in everyone's interest to know the answer for this. If you agree with this, please support by replying this thread so that they may finally pay attention and allocate some resource to investigate the possible bug.

Below are some extra information of myself in response to most frequently mentioned comments based on the replies.
1. Never store the bitcoin on a exchange.
I did bought a hard wallet, but I already lost access to my account on coinbase at that time point. I only got the change to log in for one time last Wed and take a peak of my account for half hours before the bitcoins are all gone.

2. I should not give away information to the hackers.
I am not sure if this is the right way to say it or not because I did not give these information to them. I typed the information in my own computer and got stuck at the page telling me about the new device issue. They stepped in and helped me log in. More importantly, to me, they were customer support to me. Especially the moment when you helped me log in, I just taking him to be my life saver rather than a threat. Most importantly, at the worst case scenario that I give away all my information to them: my driver license, my ssn, my birth information, user name & password, my phone in their hand, etc. The question still remains: How could they log in?

3. How did I still keep the cool.
It is not because I am rich. This 7 bitcoins is a huge amount for me. But getting freaked out does not make things any better, does it? I have been facing big losses (not necessarily in terms of money) for enough number of times to learned to calm down and work on the situation at the current moment instead of the past.

Again, thanks for reading. If you have further comments, suggestions and questions, feel free to add them to the thread.

Sorry to hear that. 7 bitcoins is a huge amount. Lesson learned and you need to be more cautious and extra careful next time. Im hoping you can earn again that amount in a short time. Hackers are everywhere. Last time my MEW also got hacked. Im thankful that my Mew has only small tokens that time. Nothing is safe online so we better be more careful always.

Just recently a friend of my cousin loss all his token. His account was hack by someone. He was depress until now because he work hard for those tokens. Then all of a sudden it was gone.

This is one of the reason why we should not store our large amount of bitcoins in an online exchanges as security is not totally guaranteed for now, 7 btc is not a joke I cannot earn this amount of money from my salary even in 2 years just be very careful in signing in your bitcoin account online always double check the website it must always begin with https encryption., i cannot say hackers are really smart because hackers are totally really2 smart you will not become a hacker if you have no nothing about codes.     

Bloody hell. That is susch a huge amount of money you Lost. Damn hackers. Can't fucking do other shit than be lazy and steal other people's hard earned bitcoins. I really am sorry for your loss. Losing that kind of money would make me want to kill anyone responsible. Sad thing is you can't find who really was responsible. Which is more frustrating.

But damn bruh,  you really made a big mistake puting big amounts of money in an exchange. Plus using google to get the number of coinbase. . Jeez.. but thanks for sharing this though, a lot of people can really learn from your experience.
I hope somehow you get back what you lost in any way. And i wish karma runs after whoever did this to you.

Sorry for your loss, man. Having 1btc is a big deal for me and I have to work hard for it before I came up with that amount. And thinking that someone will just hack it from my wallet is really devastating, what more if I have 7btc. But anyway, thank you for your information it help us to be more vigilant. Maybe next time you have to get you a hardware wallet instead of putting it in an exchange. Because the risk of hacking is really high in any exchange.