Bitcoin Forum

Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door then best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/

We become more vulnerable to hackers knowingly or unknowingly because they learn from constant experiences and regular practice. To not fall prey of vipers like this extra caution should always be taken. Imagine one using same password for all the email accounts he has, and all the accounts he has online. When one account is attacked, the rest gets vulnerable.

Some points before people starts panicking:



Although obviously Coinbase said that there's no evidence that the users' data comes from them, it looks too much like it. Either somebody from inside has sold users' data to a malicious 3rd party, either Coinbase user database was hacked and they didn't notice. Of course, from there to actually accessing users' e-mails there's still some work to do.

The warning, however, is the same as always: don't keep at centralized exchanges too much money and for too long. Not your keys, not your coins.

I am not a Coinbase user but I have seen some people in the United States on social media wondering where to invest safely.
According to the article that OP shared:
It is strange that this news has spread so far. We still need to improve security on these exchange sites that are necessary for users.

Not that strange, these media are showing past incidents for a sure agenda and that's to give fear to the people that are new to this.

They are the ones that have to improve security and I think that they're doing that but it's just that they have to continually do that. Because these hackers are also improving and finding every possible loophole from their systems.

I would think that if the leak was coinbase the numbers would be much higher.

Thinking about it more, and the fact that they are mentioning a SMS gateway issue I am drifting towards the opinion that the issue was with a bad SMS implementation that allowed messages to be sent to non phone devices (google voice and the like)

Bit of background, SMS providers can tell MOST of the time if your phone is a real cell or something like google voice and for security reasons not allow you to get SMS messages to those numbers. Even Microsoft does this, I can get recovery texts to my cell, but not my Google Voice or our office VOIP line. I can get normal texts to them all day every day. I have 2 banks 1 will send the SMS to my GV number, the other tells me it's not secure.

So, if I got access to your gmail account (picking on them I am sure there are others that have linked email and phone numbers) and you had your SMS access /recovery phone number set to the google voice number that was linked to that account. Well, it's all over for you. I can reset your Coinbase password, get the SMS, take your money any leave. All with just getting the password for someones iamadumbass@gmail.com account.

All because Bob in security forgot to click the checkbox that said, disallow VOIP numbers.

-Dave

I think that this is the most important point. And my logic was that "only" some 6k had the same password at Coinbase as for their email.

The rest... yes, you're right. Coinbase simply didn't care to make it better/proper... or pay for auditing what "Bob in security" did there.

No, what I was saying was that if Bob screwed up, and you had google voice (once again picking on them could be many other providers) I did not even NEED your Coinbase password.
1) I get access to your email
2) I see you have a coinbase account
3) I see that text messages are coming into your email.
4) I send a password reset request, it sends a text to your email, which I am reading. I then can reset your password and go on my way with your money.

This is why what @o_e_l_e_o pointed out here is 1000% correct for so many reasons. https://bitcointalk.org/index.php?topic=5363669.msg58083653#msg58083653

SMS is not AND NEVER WILL BE SECURE.
And adding
Using a SMS to email or other gateway is even less secure then totally not secure. Is there such a thing as anti-secure?

-Dave

Well, the good thing here is Coinbase refunded the lost amounts to its affected customers. Now, those customers who knew that their respective credentials are compromised should change their passwords or secure those info related to this hack. This also proves once again, that storing funds in exchange is not a very smart idea to do. Even top exchanges with high security as they say, can be penetrated by these hackers. Hacking softwares are getting sophisticated and so they need to upgrade their security level also.

I agree 100% on this. But where would the hacker get from 6k email addresses and their passwords too?
Imho they've got them from Coinbase DB.

If they would have tons of hacked accounts, they would have stolen money from many more people (just because many still don't use 2FA).
Of course, Coinbase using SMS for 2FA was a setup asking for a disaster. And I come back to what I wrote: a proper security audit should have revealed that.

Did news of the hack appeared just now or is it Reuters recycling old news to try to create FUD or something? If it is the former then it is interesting that we are only finding about the hack right now, while if it is the latter then I wonder if they want to create FUD and slow down the market that way, anyway we all know what it must be done to avoid something like this, if you have to use exchanges then do so but never leave your coins there as they are too big of a target and hackers are always trying to find a way to get to your coins, so by leaving your coins there you are running the risk of being robbed by the hackers or the exchange itself.

Coinbase is a registered exchange and i believe they are insured and i do not think the end users will be loosing their coins. No one in the right sense would hold their assets in centralized exchanges or wallet as they are always prone to attack and if they are not taking care of their security seriously or incompetent to handle the security the end user will suffer. Sad to hear about another major hack yet again.

One of the main reason I do not like leaving any of my coins on an exchange. It is harder to get away from now for many people who are using the exchanges to store coins more often now with all the interest-earning and staking offers but the risk level makes me very uncomfortable.

No matter how safe they tell you their exchange is, do not store your assets there! At least not for long. No matter how protected they claim to be, as long as there are much users on that exchange, they will forever be a target; hackers will keep on trying what they can. Meanwhile, you're not placing a bet with your money if they can hack it or not. So, for your mind to be at peace and for optimum safety of your money, use a decentralized wallet to store your crypto assets.

This is really unfortunate news that I came across today too. When it comes to cryptocurrency exchanges, they can't give you any guarantee that they will have zero security flaw in their system. There will always be a hole waiting for the hackers to find out. If they are successful, then they will be able to access people's data and assets. Or maybe an employee that works at that company will give the sensitive information of people to hackers in exchange for a lot of money etc.. People should always act carefully because of this.

Back 2 MTGox Syndrome. Everyone knows Central Exchanges are not secure. If it is not for security flaws it will always be human hands. Hackers will also be at the exchanges tails to try and get their way so it's up to companies like Coinbase to better pick their employees and invest in cutting edge security technology to stay one step ahead.  

When we think of securing our cryptocurrencies on central exchanges we need to go through the features available and its previous history of hacks. I'm not completely against central exchanges, because when you're into central exchange you'll get the best support than Dex. Another thing these central exchanges takes responsibility of the users holdings. During the previous hack with Binance, it settled all its users from its own reserve fund to have its reputation.

yubikey. nothing moves in or out of coinbase without it. problem solved.

https://www.yubico.com/works-with-yubikey/catalog/coinbase/

https://www.yubico.com/works-with-yubikey/catalog/google-accounts/

gmail and coinbase both secured by a physical key only you have.

edit: not affiliated with yubikey in any way.. it just works

SMS based authentication has been known to be vulnerable for some time. I do not understand why this is still an option on Coinbase. We have already seen hundreds of thousands, if not millions, of dollars stolen from customers' accounts through SIM swapping attacks. They should have done more to protect their customers and I hope that they will cover these losses for the victims who were hacked.

They are going to compensate the 6000 victims, however, Coinbase didn't disclosed how much money was hacked due to their faulty SMS security feature.

And then they didn't disclosed this to the public directly, their reason is that they don't want to pre-empt the investigation.

But I do agree that they should upgrade their security features and us using safe practice to protect our accounts.

I wonder why there are so many cases of hacks in cryptocurrencies compared to banks. Coinbase moves considerable amounts of money to be able to spend significant amounts on security. If it was what DaveF says about SMS, it seems silly but Coinbase should not have hacks for stupid things like this.

I guess hackers put more effort into trying to hack cryptocurrencies because if they manage to steal them they can transfer them unhindered by anyone and making you lose track of them very quickly.

I heavily use Coinbase, since their user interface and features are actually great, although I still have worries of having my account getting hacked, I'm actually glad that my Coinbase account did not get breached. It could either be a breach under Coinbase's DB and since they were able to breach through their 2FA feature, anyway, I think I'll consider switching wallets or at least not let my holdings stay here for a long period of time.

I think coinbase need more smarter people, if counbase is under government supervision then coin base should take responsibility. This is a very bad news, image of cryptocurrency can be negative among other people. I hope those hackers stop do criminal act. I think their skill can be used for many positive things rather than do crime. But I still like to use cryptocurrency, I think it is safer to save money, if we bring a lot of money in the street without good security then we might be get robbed.

We already know Coinbase sell user data to third parties, but I think this is unlikely. Selling a name and associated bitcoin addresses is one thing; selling passwords is another.

This of course makes it incredibly easy, but even just access to your email account is enough even if your SMS is linked to your phone. If I get in to your email account - somewhere in your inbox or your outbox I'll probably be able to find your phone number, your address, your date of birth. Maybe you've got some electronic bank statements, rental agreements, car finance, etc., where I can get even more info about you, like your SSN. That's probably enough info for me to convince your carrier that I am you and transfer your phone number to my device and start receiving all your SMS messages.

Database hacks and leaks from other companies. https://haveibeenpwned.com/Passwords has 600 million accounts and passwords in their database. Too many people use the same password across multiple (or even all!) accounts.

No. Coinbase itself won't sell passwords. But there's a chance an employee (or ex employee) could have done that.



Wow, I didn't know the number became that big.
However, if it would have gone on this path, I'd expect some of other exchanges' customers have the same problem - at least those with no 2FA set.
Of course, we can only speculate on where the hacker got from the e-mail passwords. Some still keep an awfully lot of useless mails and sensitive data in their mailboxes, but scanning so many mailboxes to find out whether they're Coinbase customers or not may not be a small job (of course, it can be automated for some of the servers).

Keeping your money on an exchange certainly does make you an easier target, but some people simply do not have the ability to store their cryptocurrency safely in any other way. They might not have access to safe storage along with a personal PC, but want to purchase and hold it. In theory an exchange can be much safer than a private PC which could be vulnerable to viruses or even hardware failure - this sort of redundancy will be built into the biggest exchanges who can have vast security teams covering many different aspects. While it is devastating for the 6,000 affected individuals, the fact that it is not a complete loss of millions of accounts and is fairly concentrated to the low thousands is somewhat commendable.

They do, just not all at the same time like this, since this attack involved both a leak of data and a security exploit in Coinbase's SMS systems. Exchange accounts get hacked all the time, especially if they are using no 2FA or weak 2FA like SMS.

It would be pretty trivial to write a bot which would log in to every Gmail account (for example) you had credentials for and then run some quick searches for "Coinbase", "Binance", "Bitfinex", etc. Also, the email and password leaks could have come from a crypto related service. If some faucet, ICO, bounty, etc., leaks or sells a database of 10,000 users, then you can be certain that the vast majority of them will have an exchange account, and knowing the kind of users who sign up for bounties and airdrops, probably a far higher than average percentage of them reuse the same password across all their accounts.

Well you know the saying... Not your keys, not your money.

"Where to invest safely"? Easy, buy bitcoin, send them to your cold wallet, done.

A "cold" wallet is just a piece of paper with a bunch of words written by your own hands. If you are surprised of this, you need to learn more.

Anything online is at risk. A cold wallet is offline, you can only send money to it, nothing else. Until the day you need to spend some of it, then you temporarily (and securely) restore it to move a small sum out of it to a normal "hot" wallet.

When they said you are now your own bank they weren't kidding. Give your money to others, and you risk getting it stolen.

Never been a good idea to store your funds into an exchange whether it would be Binance, Coinbase or any another known exchange. These people who kept on doing probably have learnt it when they're affected on it. Not just all about the funds but as well as the information that they've sent to it. Every hack that happens it only shows that they have vulnerability, Coinbase is rich and they'll upgrade for sure and increase their security to avoid this to happen again.

Its really important to realise that exchanges are for exchanging FIAT/Crypto, not for
long term storage of either.

Dont use gmail and change up your passwords regularly, dont have google conveniently
remember your passwords for you, these should be a very minimum. The trouble here seems
to be the SMS verification functionality.

The trouble with KYC and AML is obviously we trust exchanges with our personal
information.

Very informative thread and info from DaveF, NeuroticFish and o_e_l_e_o

how will people do day trade if they don't leave the asset on the exchange? doing withdrawals every day has a high cost because you imagine that the person withdraw the coin and at the same time the price is falling, indicating a good chance of buying? It is the exchange's responsibility to have good security and pay customers when the exchange is stolen. this is a risk that everyone who day trades will have to take

It is the responsibility of the exchange to take care of the clients assets and if some of the exchanges prove that they are not capable then as investors and traders you need to move out to other exchanges rather than sticking to them thinking that they would change. Coinbase is a huge company and they are worth billions of dollars if they cannot take care of security then what is the point in trusting them in the long run.

It is really sad that people still tend to put their money in centralized exchanges. If it is that big then at least try to put it on your own wallet and then just try put out what you need in case you want to cash out. Do not put your money to exchanges even if they say their security is so tight. You will never know what might happen in the future. You will never know if the exchange you trust suddenly decides to run away with your money.

To be fair using centralized exchanges is inevitable for anyone who wants to either buy bitcoin or trade it and the risk is known to these people. What we warn people about is storing their coins with a third party including but not limited to centralized exchanges.
Until we get better and more popular decentralized exchanges we will continue seeing news like this.

I absolutely agreed that an insider is directly or indirectly involved in what lead to the hacked wallets of coinbase users, it has become glaring that centralized exchanges can never be reliable and trusted in storing coins, past hacking events related to CEX has proven that reliability of those type of exchanges is very risky, because some of their scrupulous employee who can never to trusted will surely compromised, I think experienced crypto enthusiast knows the implications of hodling their coins in CEX exchanges it's up to every newbie to research on ways of securing their coins too.

This is scary, I have some considerable amount of my tokens in Binance and I am definitely risking those coins from being atolen because I don't have any hardware wallet and the hardware wallets that store those tokens are so expensive and a lot of the tampered ones are spreading online, being sold to unknowing newbies.

therefore we can divide it into several baskets, so that at least it can minimize the risk. Hacking is nothing new, but we must be careful ourselves to secure the assets we have. many of them ignore this little thing, and in the end it is very risky

Thats why i don't want to store my assets into exchange even tough most people call coinbase is the best exchange in the world it still very risky to store our aseets into it. I personally store my asset on MEW, i think MEW is the best platform for us to store our asset.

The lesson that we could learn from this big exchanges is no guarantee to be safe. People still have mind that popular and big exchange is safe because they have the best security but the reality is, the good hackers are targeting big exchanges instead of mediocore level exchanges.
As an investors we should just sent a few of our balance to trade on exchange wallet if we want to trade and never save balances too much on an exchange because that could be targeted by the hackers

If you want to day trade, then that is the risk you have to take. You would hope that most people day trading any significant amount of money are sensible enough not to try to secure their account with something as insecure as SMS, though. The fact that Coinbase even still offers SMS is very poor on their part.

A Ledger Nano S or a Trezor One both cost around $50 bucks. If you ask in their respective subreddits for a referral code, you can usually get 20% off that. If you wait for Black Friday coming up in at the end of November, then based on previous years you might be able to get up to 50% off. This really isn't a lot of money to spend for financial security, especially if, as you say, you have a "considerable" amount of money on Binance. If it is more than you can afford to lose, then get a hardware wallet.

Based on the time/period that it took place, I wonder why they didn't make a "public" announcement about that incident? ::)

---

BTW, for those that would like to read the Coinbase letter without having to download the PDF file, you can refer to the following link instead ^{["Coinbase notification"]}: Hackers rob thousands of Coinbase customers using MFA flaw (https://www.bleepingcomputer.com/news/security/hackers-rob-thousands-of-coinbase-customers-using-mfa-flaw/)

I remember reading a bunch of hack reports in the past few months but looks like this is the first time that they've made it somewhat public:

• Coinbase Users Say Crypto Start-Up Ignored Their Pleas for Help (https://www.nytimes.com/2021/03/24/technology/coinbase-bitcoin-complaints.html)
• Coinbase account hacked and drained of $170,000 (https://micky.com.au/coinbase-account-hacked-and-drained-of-170000/)
• MY ACCOUNT COINBASE ACCOUNT HACKED FOR $120,000 (https://www.reddit.com/r/CoinBase/comments/nh06if/my_account_coinbase_account_hacked_for_120000/)
• Coinbase slammed for what users say is terrible customer service after hackers drain their accounts (https://www.cnbc.com/2021/08/24/coinbase-slammed-for-terrible-customer-service-after-hackers-drain-user-accounts.html)

The one thing that we can do to prevent the hacker steal all of our money is not keeping all of the coins in the exchange and it is better to send it to a private wallet that we can control. We can send some amount of money to the exchange just to trade while we still keep the big amount in other wallets so when the exchange getting hack, we still have the other coins and can continue to trade in the other exchange that will be safe from a previous exchange. We are already told that always be careful to keep the balance in the exchanges because there will be a risk.

Hackers or hackers are known to exploit flaws in the company's SMS account recovery process to gain access to customer accounts, and transfer funds to crypto wallets not associated with Coinbase, coinbase immediately fixed the flaw and have been working with these customers to regain control of their accounts. and replace their lost money, this should be an example, because coinbase is ready to make up for the loss of its customers..

How many years has Coinbase been in the cryptocurrency trading industry, and the exchange still, gets hacked, goes down/offline during periods of high traffic, and continues to list shitcoins, giving them legitimacy. DON’T USE COINBASE.

Can't you invest a small part of your "considerable amount" to improve the safety of your digital assets? The cheapest hardware devices sell for $50-$100. That's a one-time payment for the whole life span of that device. When you think about it, if you withdraw Bitcoin twice from an exchange like Binance, you would be asked to pay withdrawal fees of around $50 in total. That's already the value of a Nano S for example.

Don't buy hardware wallets from unofficial sellers online. Purchase them from official websites or affiliated and official resellers. If a reseller is located close to your place of living, you will have an additional advantage of not having to ship the gadget to your home and have the company store your personal data on their servers. 

coinbase was hacked, it's really a pity, the coinbase must immediately fix any shortcomings, so that in the future something like this doesn't happen again, and doesn't disappoint people who have been loyal to storing in coinbase, even though the coinbase is willing to pay compensation, but the coinbase should immediately fix their shortcomings..

Coinbase was not hacked. The coins they had in cold wallets and hot wallets are all safe. Some of the user accounts were hacked, as the criminals exploited a common vulnerability. And as far as I know, the criminals stole coins from other exchange users as well, but they are yet to confirm this. The hackers made use of the SMS account recovery process that is being used in Coinbase. There are several other exchanges that use the same function. Anyway, most of the customers have regained access to their accounts and Coinbase has issued a statement clarifying that it will reimburse the losses (although I don't think that they have the liability to do so).

this is the reason we must all have Ledger or Trezor wallets to keep safe our funds because we cannot trust exchange that big as they are the main target of hackers scammers .
meaning all of us are in the circle of target if we will put our money inside exchange for long term,just use exchange once you need to trade.
then after best to withdraw and keep safe in your wallet that you hold the Keys.

Not a must to have ledger or trezor, but even if you are using electrum, you can already be secure if you know how to secure your keys. Not all crypto users can afford to purchase those hardware wallets. There are other cheaper ways how to avoid possible hacks without purchasing hardware wallets and it has been discussed here in the forum over and over again.

Sad to say that no matter if these centralized exchanges have improved their security system, these hackers are just one step ahead by knowing how to counter that restriction.

I do have a Coinbase account but never used it for years and have zero balance as of this time. It would be stressful for me if I am one of those 6000 being victimized by that hack.

Who said that Coinbase is the best wallet? Losing to hacks and cyber attacks these past few years isn't really making anyone believe that Coinbase is the best one there is. The best way to store them is through hardware wallets or other offline wallets so you can be assured that your crypto will be secured.

Yes, that's how the game is here in crypto, criminals are always one step ahead of the game. It is us that keeps on adjusting, and then hackers will find another loophole, exploit it, going to be cyclical. The only weapon for us is to really learn and educate our selves how to protect our assets.


Good for you, but for those who have lost their money, Coinbase says that they are going to compensate them, not sure if it's going to be in portion, or just one drop.

Plus the owner of Coinbase, Brian Armstrong, is truly anti-Bitcoin deep inside of him. He has supported ALL “proposals”, which are actually ATTACKS on Bitcoin, like Bitcoin XT, Bitcoin Unlimited, and he signed the New York Agreement for a hard fork to Segwit2X, another attack on Bitcoin.

The exchanges are already in the custody of your private keys and whenever they want to become a scam they can shut down operations with million dollars scam as we have seen in the past also.The hackers usually push malwares and got access to the users private keys and you all know the funds are then not yours.These types of news are not new exchange are prone to risk of such hacks.

When market conditions are starting to recover, it is surprising why there is news like this.  If crypto players are not wise in reading the news then it will be very clickbait to become a bad issue for the market.  Meanwhile, if you read it in its entirety, they accumulate cases of customers who were hacked for several months and have passed.  Equivalent to big exchangers in the US, why is this always repeated, do they not have any risk mitigation and maybe this is just a form of speculative bookies.

That's not the first time when we hear some centralized exchange is hacked and it's not going to be the last time to see such news regarding these exchanges. Since the security is never complete there is always a security hole, any website or exchange can be hacked and is the possibility is real. That's why I always keep my assets in my own wallet instead of exchange and usually I suggest my friends do the same thing because not your keys, not your coins.
 

like the op said , the hackers can sell your info into the other criminals. you may not loose any of your cryptos from the hackers in the centralized exchange your using but you could hand them out easily once the other criminals get inside your house and point deadly weapons at you .  
the best solution is dont use any centralized exchange at all  or if possible supply fake details when using a centralize exchange , some wont require a kyc tho .

Yes, this is not a recent news so why the reuters published it on 2nd of October. I could see it was a failed attempt to create a panic in the market. I understand that coinbase data getting hacked is not a good thing but for me there are some hidden agenda by publishing this news at this time when market is booming.

Well, for all intent and purpose... Coinbase has acted like a Bank for a long time.. and Banks get robbed. They also have a long history and reputation for shitty customer support, so I will not put it past them.. that one of the people from the inside.. leaked the data.

The question is.... Why has this been swept under the carpet for months? They obviously did not want the bad publicity and/or it was a inside job and they covered their a$$es.  ::)

It  wasn't. They notified folks whose accounts were compromised and dealt with it. The only new thing is that Reuters decided to (again) make it 'news'. Must be a slow week for them?

Exactly right. You would think after the Mt. Gox hack, the Bitfinex hack, the Binance hack (https://swotverge.com/biggest-bitcoin-hacks-in-history/), etc people would learn to stay away from KYC, centralized exchanges, especially considering Satoshi's vision for BTC (see sig).

Here are some decentralized alternatives (https://bitcointalk.org/index.php?topic=5358678.0) to centralized exchanges.

My guess is that they didn't want the bad publicity because Coinbase stocks were launched around that time so the bad publicity should have done a significant damage to the stock's price. At the end of the day, this just shows that it's always better to take responsibility for the safety of your crypto assets. Putting them in the hands of these centralized exchanges makes it more prone to attacks since these platforms are hosted on centralized servers which can be hacked or tempered with.

Yet another reason why KYC is a bad thing. Damn, I wish I didn’t sign up to so many exchanges in the past. Obviously leaving a significant amount of bitcoin on an exchange is a bad idea but we shouldn’t have to worry about our personal details being stolen.

LOL.. Imagine my case. Back in 2014 and 2015, I signed up for at least a dozen cryptocurrency exchanges (half of them are no longer in operation). These exchanges are based in different countries, such as South Korea, Japan, Slovenia and the United States. Back then, I never thought that sending in a scanned copy of the national ID card and the passport would be such a bad idea. Fortunately my passport expired recently and I had to renew it. But I am still concerned about the copy of the national ID card. Criminals can still misuse it.

Can anyone beat that? This is why we say the media is the biggest problem of the crypto industry, not politicians. Why exhume something that happened between March and May at this time in October (four months after) if not to cause panic at a time Bitcoin seemed to be recovering? The media is the witchcraft here. It's very disappointing too that such came from Reuters, like rioters. Nonsense.

A lot of us made that mistake back then. We really can't help what happened in the past now but to try and make amends for the future, going forward.

Because Coinbase did not tell anybody about it till now. If Coinbase did not make a statement or let anybody know, then nobody can report on it.
On a side note 6000 customers out of the 68,000,000 that they have is also a very small amount. So although an interesting story, it's not like most of they clients had any issues.

-Dave

Every year hacking on exchanges such as this one always occurred because the hackers are also updating their skills and sometimes they find some way to hack some vulnerable centralized exchanges. That's why it has become obligatory for us if we are holding big amounts of bitcoins that we need to store in our hard wallet so that we are the only ones who can access it. Because when the hackers successfully send it out from the exchange, it's almost impossible to recover it.

I can't count how many different clients I meet and work with on a daily basis who ask me about bitcoin and other cryptocurrencies and when they tell me that they've bought some already, and then I ask them where they currently keep it..it's always on an exchange.  Trezor should start to give me some sort of bonus for referring so many people to them.

Whether or not it was an inside job but this incident proves how dangerous it is to store high amount of coins on exchanges.
Imagine what would have happened if an employee of Binance sold it's users data to an external party.
This is why we it is always recommended to store your crypto savings to non-custodial wallets and keep only a minimum amount of coins on exchanges.
Sadly, people don't take this point seriously until they become a victim of such incidents.

there are still many who believe that what is put on the exchange is easier so that what will be done later does not have to do several transactions. In fact, most of them believe because of the habit and convenience that is obtained and they also believe that there will be a replacement, although in the end it may not be guaranteed.

saving on Trezor is certainly better and if you educate all those involved in crypto about the importance of storing on Trezor devices, obviously you should get attention from Trezor like a Bonus, because the education you do is going well, so everything starts a lot switch to Trezor instead of being kept on the exchange.

It always happens and we have nothing to do about it, Hacking in the crypto industry just becomes normal nowadays, this is clear evidence that no platform is hundred percent safe all are subjected to vulnerabilities and we the users must accept it as a part of the risk while using it, many huge and famous platform such as Binance, Bithumb and now Coinbase has become a victim of this unexpected event recently the question is what platform will be the next victim? just asking.   

You hit the nail.

Isn't about how risky or how secure the exchange is, the problem is that people use them as wallets. And that's a really big mistake. People should only depo and withdraw when they want to trade, but never hold the coins in the exchange, because if something goes wrong then they will lose all their cryptos.

Even how many times have we read about this advise and yet, a lot of crypto users are still storing their funds in exchanges. And if in case you will store for a time in exchanges, make sure the exchange some sort of insurance that you can get your money back if anything happens. Just like what binance has, they have safu, which is like an emergency insurance for their users.

Fud or just tending to make out some issues just to make out some attention in the market but i dont really believe that they had been making things just because they arent making that much? I dont think so.

Hacks could happen whether inside job or totally external attacks because we know that in reality that nothing is unhackable on this world so expect the unexpected.

Thing here is that these platforms/services would able to handle these things up.

Well to be honest using centralized exchanges and keeping some huge amount of your investment on it is a stupid idea, and any traders should be knowing that high funds are always at risk and his data is exposed if he is using an online, and to honest hacks are bound to happen one way or another and they are always done by some form of human error and there will always be some loophole in the security that somonesomwhere in the world will use it, so it is better to have control over your own funds rather keeping it in the hands of others.

Surely it's not fault of KYC, and it's all about company but just because of this hack nearly 6000 persons now feeling bad about their documents it's a big issue for them. Hacks and Bitcoin are going side by side it's almost one decade, sadly companies fail to do something about this as well.

We have some holes every time which helping hackers for doing their own trick and stole their data and assets with success in few cases employee's from company give sensitive data to peoples for money and this all happen because hacking software are getting sophisticated just because of this exchanges need to upgrade their security level because now adoption is spreading and too many peoples are involved in this all, and they want some better security from exchanges.

On one hand the government is cracking down really hard on any exchange with relaxed KYC norms. And on the other hand, there is a significant increase in incidents of hacking, and theft of documents that are being used for KYC. For me, this is a big concern. I had signed up for multiple centralized exchanges in the past and on many occasions I had to send the scanned copies of identity documents in order to complete the KYC formalities. If these documents end up with the wrong people, then it may create trouble for me.

even how hard or strict a exchange is but if there is corruption on going surely cases like this will continues to happen.

This is same reason that it is really hard to trust sites that asks KYC because it will always be the target of criminals.

People from some countries are not allowed to use decentralised non-regulated exchanges. Most of them are forced to use exchanges regulated by law, take the example of China or USA. Even major exchanges set in their TOS to not accept registrants from those countries for legal issues.
The point here is not to use centralised exchanges at all, especially as they are rgulated, but to not use those exchanges for big money long term holds. Always remember the rule 'Not your keys, Not your coins'

So since this happened what has Coinbase done about the users that were affected? Because 6000 is not a small number so I know that it’s going to be difficult for Coinbase to do something about this, unless maybe with time they might be able to settle all this users for the losses that they have been through on their platform. Making use of centralized platforms has always been a huge risk in the sense that when these centralized platforms gets hacked by any group of hackers they have access immediately to the user's database.

And just like you have said a bad employee in the company can be stealing information and selling it to bad people who might decide to hack with whatever information that belongs to the users. So it’s very best that people learn to secure their assets and make sure they’re using the best practices.

I don't believe the safety guarantee on all exchanges is 100% even if they tell you how secure the exchange is, don't keep your assets there. Well, at least once not for long. Regardless of how protected they claim to be? As long as there are many users on that exchange, they will forever be the target of hackers, who will continue to try to do what they can to steal all assets from users and a security without No exchanges are now 100% guaranteed, trust me, Coinbase is no exception. The best thing is that the exchange from Coinbase they will have a good measure that is to refund the money that the user has stolen.

In this case the extra vigilance that we have to do for the security of our assets, in the digital world there is always the sale of personal data misused by irresponsible parties and they are always looking for ways to get what they want even if the way they use is not right, and the security system applied to a device there is always a weakness and trust from the second party is also very important as it is with koinbase about the accuser. When we sell data to third parties, so in this case we are always careful with the personal data we have.

This is why I left coinbase few years ago. I'm pretty sure coinbase has been experienced similar issues continuously in past few years and for what I am experienced when I was using coinbase I would say the support is pretty bad in my opinion when I was using web wallet back in that day.

From what I just read on the news that OP posted, I do feel like they need to make better security because if we are talking about web wallet so security is the first factor you have to think first because your funds are vulnerable once your funds touch that type of wallet.

They gave them their money back.
And 6000 although it is a big number out of the millions of customers it is a very small percentage.

If you read the other articles online about it and the discussions about it, it looks like they were not hacked, but rather had an insecure setup on the 2FA that allowed the criminals to change the password of coinbase customers with just access to the customers email address. So they did not even need access to the coinbase systems.

Now, not saying that it's not a lapse in conbases procedures, but if you leave your wallet on the counter at the coffee shop and walk away and someone takes your cash.
The proper statement is not "I was robbed" it's more along the lines of "I had money stolen because I was not paying attention"

https://bitcointalk.org/index.php?topic=5363667.msg58083904#msg58083904 has what I thought happened, security people are saying that is was a bit different then that from the technical side but more or less what happened.

SMS is not and never was safe as a 2FA: https://bitcointalk.org/index.php?topic=5363971.0

-Dave

Big error on the side of coinbase, really. Nowadays, hacking shouldn't be easy so the first thing that comes to mind when personal information about users get leaked out is that it may have been more of an inside job than a hacking incident. But of course, hacking cannot he singled out since nothing is impossible, may be difficult but not impossible. Whatever the case, the blame lies on coinbase still for not being able to protect the safety of the funds of their users. Google auth should've been required. And users should be wary too. If they are gon go and trade, then take it out after. Be it spot or futures.

I think it's a blame for both coinbase and those of it's users who still haven't learnt how insensitivity and exposed they are by leaving their funds in exchanges. I haven't read coinbase terms and conditions or disclaimer but with the numerous hacks on big exchanges like them selves then they should be a warning to clients leaving their huge funds in the exchange, the warning should be made to clients at the point of their registration. We have to stamp hacking out, it's impossible though but if it can be avoided, and loss reduced.

This is a very large hack and this is all due to their personal data spread to third parties, and this is also a result of the weak security owned by coinbase and they will lose many users, let alone some say this is all due to negligence on the part of coinbase, hackers with difficulty obtaining user data then we have to be careful in using the central exchange because the risk is very large, and also the storage of personal data must always be at a high level of security,

This is what the users are worried about. We do not know what happened . It is feared that people from inside may misuse the data or sell user data for their own benefit. However, Coinbase stated that it was not the result of the data that was obtained not from them. .we have to be careful about this .

This is what we always worry about, even though we have completed all security requirements when on exchanges but because of data theft from various sources then all security systems are useless, this is what makes decentralized exchanges more attractive and I prefer to use Pancake swaps if I want to buy or sell coin.

Everything can't be done on pancakeswap, pancakeswap is only a decentralized exchange that allows you to trade cryptocurrencies and tokens without a centralized intermediary. Conbase and several other major exchanges such as Binance have features and advantages that will make crypto transactions easier. The security used is also getting updated and getting more secure. Security is not a guarantee that it will continue to be safe, but at least the big exchanges are safer and more trustworthy for our personal identities.

I am one of the guys who got crooked when Cryptopia went down. To this day I'm waiting for the Claims for the heist to be sorted but it seems that is halted and I probably won't see any compensation back for the lost funds. I wonder if the guys who got hacked at Coinbase will ever have the option to claim their losses...