Warnig to Coinbase uses, My Coinbase account got hacked, I lost most of my cash

[mfred68]

Hi guys, i'm new here and new to Crypto, it was a mine field learning about it and setting up an account in order to invest in Bitcoins.
I heard in so many places that Coinbase is the best and safest place to buy and trade Bitcoin, so in October I started buying Bitcoin and bought some each week until I had spent about £700 UK pounds, and up until the end of November it had risen to £1200 and was still rising.
Around the middle of November I decided to buy £500 of litecoin too, and I too watched it's value go up.

On the 29th November Coinbase seemed to have technical issues (or so I thought) as I could no longer log in on my PC, but my Phone app was still working.
Then on the 30th November I tried logging in again, and all i got was a very slow blue progress bar moving across the screen, that never went any further than half way.
I then had an email saying that a device located in the UK with a certain ip address that coinbase has not seen before "or for some time" wants to gain access, and an allow button.
I then thought that this message must be because my own computer wants to log in, thinking that the ip address was mine, as the sentence stated "or for some time" so i clicked Allow and waited, thinking that my blue login progress bar would suddenly move across the screen, and my account would be accessible to myself.

I was also expecting an sms to confirm its me, but that never arrived.

Then, about 5 minutes later I did receive about 5 sms messages from coinbase saying that they have put a delay of recent transactions due to suspicious account activity, and advised to lock my account down immediately.

Because my Coinbase phone app was still working, I quickly checked my account, and to my horror, all but £40 out of £500 was stollen from my Litecoin account, and my bitcoin account said zero.

This horrified me and I imediately locked down my account and contacted Coinbase.

I checked my emails and found 5 emails  (two for Lite coins, 3.000 coins each, and 3 emails for Bitcoins of 0.0216, 0.0216 and 0.0144) congratulating me for having successfully sent Lite coins to this address:LXyQLViRRVVeZLF75neVYUZRZy75vPb4NX and bitcoins to this address: 19pMAWhtqUB17d8kifJKzgsvDFmcXLye6U

Coinbase replied about 2 hours later via email asking exact details of what had happened, so I gave them exact details, including screen shots of the transaction emails.

I have yet still to get a reply back from Coinbase, and in the meantime my account is still locked down and I can't find any means of accessing it again (can anyone help with regards to re-accessing my account?)

I thought my money was safe on Coinbase, like it is in my online bank, and because coinbase was down on the 29th, which prevented me from accessing my account from my PC, and also having a misleading email saying that a device wants to access my account that Coinbase has not seen before, or for some time, I found this misleading thinking it applied to my device as being the "for some time" bit.
Because of this I hold Coinbase totally responsible for having caused this login problem and losing my money.

Now for the BIG question...With Crypto being so easy to hack, how can or could it ever take off and become mainstream as conventional money?
One fix for this i would say is to build in a transaction delay of at least an hour, so that the sender has the option to click on a cancel button during that time to cancel a transaction. But the way hackers can rob you within seconds is a major flaw in the whole Crypto world, people can lose their whole status and even turn to suicide from their loss.

Even if keeping a cold storage of your crypto, could be safe while its in cold storage, but what if when you want to spend it or cash it in for real money? you need to transfer it to a computer first which opens it back up to hackers robbing it.

I'm totally put off from the whole idea now, as I have lost a big chunk of money , and I now read that i'm not alone with other having lost hundreds of thousands, I really feel for them.

Will Coinbase take responsibility in my case do you think, or is it a dead horse?

[kahc]

The big question is how the perpetrator bypassed your 2FA.
Can you please post your Coinbase Account Activity around that time this hack took place, when you get your account back? Interesting to see how it happend.

Like this:

[quantum.btc]

I'm not sure how this could have happened to you? Don't you have two stage log in?  I have that enabled so every time I log in I need a cell phone signal. It's the safest way. It sounds like you have some kind of malware that stole your credentials from your PC.

[mfred68]

I'm not sure how this could have happened to you? Don't you have two stage log in?  I have that enabled so every time I log in I need a cell phone signal. It's the safest way. It sounds like you have some kind of malware that stole your credentials from your PC.

Even if my PC does have a malware which im unaware of, I should still have received F2A on my phone shouldnt I have? also if my phone number was stollen and transfered to the hacker, then howcome I was still getting sms messages from coinbase telling me they paused the transactions (what was left of them) as the theft was taking place?

Also with the email asking me to varify that another device is trying to login that coinbase has not seen before or for some time.

Heres a copy of the email:

Coinbase
New device access
A device or location we haven't seen before, or for some time, is requesting access to your account:
Location: United Kingdom
IP Address: 195.147.132.40
Browser: Chrome (Windows)
If you approve of this action, please click the link below to authorize this device.

Note that you need to access this email with the same device that you are confirming.

So because it also said that i need to access this email with the same device that you are confirming, I thought that only I can access it and no one else.

Any ideas how this could have happened? Coinbase still have not replied back and my account is still disabled.

[SrEasts]

I'm confused, you're talking about coinbase security when you're the one who authorized the log in of the hackers?

[mfred68]

I'm confused, you're talking about coinbase security when you're the one who authorized the log in of the hackers?

I did not knowingly autherise login for hackers.

At the time I could not login to coinbase for 2 days, and on the second day i tried to login again and again with no luck, then i get an email saying that a device wants to login, this email arrives during the exact time when i'm attempting to login, so i assumed it was sent because i was attempting to login as it stated location as uk and chrome which is what i'm using and i live in the uk. as for ip address, i don't know how to find this, but because this email arrived exactly at the time when i was attempting to login, i assumed it was because of me trying to login. Also because it mentioned that i have to access this email with the same device that i'm confirming, which i did, A hacker could not do that as he didn't have my device and my ip address would be different to the hacker. Also why did i not get F2A yet hackers still gained access.

I think this was a system glitch on coinbase and cause my account to become unsecure.

Being that i have the hackers ip address, could that be traced to the hackers location?