Bitcoin stolen from Coinbase account, can I get it back?

[bitcoinkonsole]

Hi everyone, 1st time making a post here.  Much thanks to anyone that reads my whole post and is willing to lend so advice.

Is it allowed to the post IP address and wallet address of the person that stole my Bitcoin?  I have the hackers supposed IP address that they used at the time of signing into my Coinbase account and the wallet address that they transferred BTC out to.  I just dont know if this information is allowed to be shared.

Before anyone says that my security wasnt good enough, I agree it probably wasnt, but I have since then gone through and reset passwords and added better forms or authentication, and various other steps to make my accounts more secure.  I've done some research into what I can do to better secure my accounts, so the need to even better secure my accounts is not really my focus right now.

This past Monday morning 10/25/2021 is when this all happened.  I knew that my phone service was probably not active because my phone plan expired sometime in the range of 10/24 to 10/26.  I wasnt sure exactly when it expired because having my cell service being down for a few days didnt seem to be that big of deal to me so I just didnt deal with it quickly.  I was going to renew my cell phone plan probably by the 27th but I just didnt feel it was necessary to do it ASAP.  If I remember correctly my cell phone service was not active at the time of the Bitcoin being stolen, but at this point I dont know if I had been sim swapped, or if it was simply because my phone plan expired right around that time.  I purchased the cell plan on 7/26, it was a 3 month plan and I activated it on 7/26 or possibly the next day, so it would have been active until right around 10/25 (depending on if the plan provider considered a 3 month plan as exactly 90 days, or they considered it the same day of the month 3 months later or what).  Whatever the plan was, its very suspicious that this hacking into my Coinbase account occurred either the exact same day or possible the day before or day after my 3 month phone plan expired, so theres a good chance I was no longer under a phone plan at the time of the hack.  If the only way that the hacker could have gotten into my Coinbase account was by taking control of the phone number on file at Coinbase so they could receive the SMS 2fa code, and they did this right at the same time as my phone plan expiring then likely this hacker knew my phone plan was expiring and was able to get that phone number switched over to them before I was able to renew my phone plan.  I know Coinbase had a known glitch a short while ago that they admitted to that was related to account password resetting involving 2fa using the SMS version, but they claim they fixed that long before this hack happened to me.  Its just very suspicious that this hack happened to me at basically the exact same time that my phone plan expired and I no longer had cell service.  Possibly this person got into my phone plan account and saw when it expired, or maybe its someone at the phone plan provider that had access to my account details.  Maybe its just a coincidence that my Coinbase account hack happened at the same time that my phone plan expired.  I changed my phone number and I removed the old phone number from my Coinbase account when I regained access to the account, so the phone number I had at the time of the hack is no longer tied to my Coinbase account.

The hacker also got into my email and changed my email password so I wasnt able to see all the emails related to the hack until I contacted my email provider and retook control of my email.  The hacker also changed my Coinbase password so I wasnt able to login to there and see what happened until after I had my Coinbase account locked and later unlocked after I verified who I was.

When I eventually looked at my emails and the activity on my Coinbase account, this is what happened, in basically this order...

- password reset request sent to Coinbase
- email password was reset
- Coinbase said the password was changed
- Coinbase said a new device was used to sign-in and the email had a link to "authorized this computer"
- The hacker then attempted to make 2 purchases of BTC using the linked debit card.  These purchases did not complete before I had my bank close the card, but Coinbase tried several times to send the request for these amounts to my bank and eventually the amounts went through and permanently came out of my bank account.  I'm currently in the process of getting these amounts back by filing fraudulent transactions paperwork with the bank.
- About 1 minute later the hacker attempted a 3rd purchase using the linked checking account, and even though Coinbase credited the account this amount, it never actually cleared my bank account.  So now Coinbase is trying to come after me for this amount and saying that my Coinbase account is heavily restricted until I pay this amount.
- About 1 minute later the hacker took all the USD's I had sitting in my USD wallet on Coinbase Pro, and used that to buy BTC.
- Around this time it looks like the hacker attempted 1 more purchase of BTC using my linked debit card, but this purchase was rejected from the start.
- About 1 minute after they purchased BTC using USD's sitting in Coinbase Pro, they started the transferring/sending the BTC out to their wallet.
- The transferring/sending of BTC out to their wallet happened in roughly $50 worth of BTC per attempt.  So they kept transferring/sending about $50 worth of BTC at a time seemingly as quickly as they could, until all the BTC was transferred out to their wallet.  I don't know why they would do $50 worth of transfers at a time and not just transfer all the BTC out at once, but thats what they did.  From the time they started transferring the BTC out to their wallet in roughly $50 worth of BTC per attempt, until the time that all the BTC was transferred out, it took about 9 minutes.  I wont say how many actual $50 transfers it was because then that would reveal how much money there was and I dont feel comfortable revealing that amount at this time.

In the "New device confirmation" email it lists the IP address and the city of where the hacker signed into my Coinbase account, but isnt that information useless if they took steps to hide their true location?  I can also see the wallet address that they transferred the BTC out to which is listed in every "Sent Bitcoin" entry.  So I have the IP address and city that they "supposedly" signed in from, as well as the time of the sign-in, and I also have the wallet address that it looks like they sent all the BTC to, I just dont know how useful this information is in solving who did this.  Is this information useful in catching the hacker?

The only contact I have had with Coinbase since this happened has been to lock the account and then unlock it.  I said in the email to them about locking the account that it appears that my account has been compromised and that any activity on the account after 10/24 was fraudulent, but their only response was to lock the account and make recommendations about securing my accounts and then later unlock the account when I proved who I was.

I just dont understand how so many unusual things can happen on my account in such a short period of time and Coinbase didnt have any systems in place to flag the activity as suspicious and possibly fraudulent and atleast delay the purchases or transfers.  I know that years ago there was delays of alteast a few days of when deposits or purchases are available so that the funds cleared the source before it was made available to the Coinbase account holder, but Coinbase at some point started going to an "instantly available" deposit/purchase system where essentially Coinbase would credit the persons account while Coinbase waits for the funds to clear the source and then Coinbase keeps that.  That meant that a Coinbase user had instant access to the deposit/purchase, but I assumed that it still meant that the Coinbase user could not transfer that deposit/purchase out of Coinbase until the money cleared the source.  I thought it meant that the user could do what they wanted with it (while waiting for it to clear the source) but only if they kept it on the Coinbase ecosystem in case the money doesnt clear the source and Coinbase can take it back.  If Coinbase covers the instant deposit/purchase by making that instantly available to the customer before the money clears the source, and then allows the customers to move that deposit/purchase off of Coinbase then that means that Coinbase could get screwed if they are not able to clear the funds from the source before the customer moves it off Coinbase.  I learned recently that Coinbase DOES allow transferring out any deposits/purchases that they made instantly available to the customer even before the funds clear the source.  Thats a big risk on Coinbase's part and I dont know why they allow that.  Someone can purchase $50,000 worth of BTC, Coinbase makes that instantly available to them to then transfer to some wallet outside of Coinbase, then the customer blocks that payment at their bank and then Coinbase is screwed because they cant get the $50,000 they are owed.  This applies to me because the hacker used my bank account to buy BTC on my Coinbase account and then Coinbase instantly made that BTC available to them and allowed them to transfer the BTC off of Coinbase immediately.  I had hopes that the purchases using my bank account wouldnt be available to immediately transfer off Coinbase and that it would still be in my Coinbase account considering that I had the account locked 7-8 hours after the hack started which would have been well before the money cleared my bank, but nope the hacker transferred it all out immediately after purchase.

So why would Coinbase allow the following events to happen without flagging it as suspicious and putting up some kind of possible fraud preventative measures?
- hacker requests to change my Coinbase password
- 6 minutes later Coinbase accepts the password change
- less then a minute later the hacker signs into my account from a new device, from an IP address that I have never signed in from, and from a location that I never signed in from.
- 3 minutes later and for the next 2-3 minutes Coinbase accepts purchases of BTC using my linked bank account.  The hacker only stopped these purchases because eventually Coinbase realized the bank was blocking any more purchases.  I havent legitimately made any cryptocurrency purchases on Coinbase using a linked bank account for atleast a couple years, just so you know.  So these types of purchases on my account are exceptionally unusual.  My activity on Coinbase for years has been just trading on Coinbase Pro, or withdrawing or depositing USD's between Coinbase/bank account/paypal.  I have never actually deposited or withdrawn cryptocurrency onto or off of Coinbase
- 1 minute later the hacker emptied my USD wallet by using all the USD's I had sitting on Coinbase Pro to buy BTC on the regular Coinbase website.  The only time I have ever emptied my USD wallet on Coinbase Pro and moved it to the regular Coinbase website was when it was just a transfer of USD's that went from Coinbase Pro to the regular Coinbase website and then transferred those USD's to my bank account or paypal first and then my bank account after.  But I have never emptied my USD wallet on Coinbase Pro by converting it to cryptocurrency first.
- 2 minutes later the transfer of BTC out of my account to the hackers wallet started and it was constant transfers one after another of $50 worth of BTC in each transfer.  These transfers out to the hackers wallet took about 9 minutes, and it took place over so many individual transfers that just never happen on my account and should seem rather suspicious to Coinbase.  If I was legitimately transferring BTC out to some wallet do you think I would do it with everything I had in my account and do it with so many individual transfers worth $50 of BTC?

There was just too much suspicious activity on the account that I just cant understand how Coinbase didnt have measures in place to detect the suspicious activity and intervene in some way to prevent atleast some of the damage.

Is there anything I can do to track down the hacker?

Would there be any chance of Coinbase admitting how this was clearly the actions of a hacker and reimburse atleast some of my money?

Would there be any chance of Coinbase admitting that all that suspicious activity should have been noticed by them and some sort of actions taken to prevent the hacker from completing their goal, and they give me some sort of reimbursement as a result?

[sheenshane]

It's a sad story and sorry for your loss, by the way, how much does the total amount get the hackers from your bank account aside from $50 from your Coinbase Pro account?

Is there anything I can do to track down the hacker?

Coin base has nothing to do with this, it's already your responsibility to protect your account.  All you have to do is file a report and might there will be cybercrime authorities in your place who will help you to solve this case.  But if that is a small amount I'd better move on and learn from those mistakes.

Next time, this is what you have supposed to do. "My account was compromised".  I have doubts that the hacker also knew about you.

Would there be any chance of Coinbase admitting how this was clearly the actions of a hacker and reimburse atleast some of my money?

Would there be any chance of Coinbase admitting that all that suspicious activity should have been noticed by them and some sort of actions taken to prevent the hacker from completing their goal, and they give me some sort of reimbursement as a result?

Once it was transferred there's nothing you can do and there's no refund from Coinbase.  I don't know why hackers have all of this, besides from your bank account it will ask password before the transaction is successfully done.  Right after the hacks, you should report this to Coinbase.

[bitcoinkonsole]

From my bank account they were able to buy and transfer out $2500 worth of BTC.  They stole alot more then $50 from my Coinbase Pro, the $50 is how much the value was in BTC of each of the many transfers out to their wallet that they made.  Each transfer out to their wallet was about .0008 BTC and they did that one after another until all the BTC was transferred out.  BTC was around $63,000 at the time and I think each of the transfers was just under .0008 BTC or so, which made each transfer worth about $50.  I wont say how many total transfers there where because that would reveal how much total money it was and I dont think thats important to know.

Could there be any significance to the hacker transferring the BTC out to their wallet in $50 worth of BTC per transfer in many transfers rather then just transferring all the BTC out in one large transfer?

Has anyone actually filed a report with their local police and it resulted in finding the hacker and getting their crypto back?

The amount is enough of a financial blow to wish I could get it back, but not so much that its life changing.

[Potato Chips]

Would there be any chance of Coinbase admitting how this was clearly the actions of a hacker and reimburse atleast some of my money?

Would there be any chance of Coinbase admitting that all that suspicious activity should have been noticed by them and some sort of actions taken to prevent the hacker from completing their goal, and they give me some sort of reimbursement as a result?

I've never heard of any hacked victims who has gotten anything from coinbase. This is because coinbase assumes it's the user's fault most of the time and so they hold no responsibility. Maybe if you get a foolproof evidence that they are at fault and it becomes a controversy, you'll get something out of coinbase.

Has anyone actually filed a report with their local police and it resulted in finding the hacker and getting their crypto back?
The amount is enough of a financial blow to wish I could get it back, but not so much that its life changing.

But each case is different, some are prioritized because of how huge the amount it, how hard the tracking is, how controversial etc...

But I don't see how you shouldn't report these to authorities/investigators. The chances are slim but you never know, maybe it's connected to a bigger group of scums that is being investigated and/or they are dum dums.

There is ic3 (https://www.ic3.gov/) for starters and reclaimcrypto (https://www.reclaimcrypto.com/) that flags addresses and sends it to their partner exchanges. Note: be careful of scam recovery services, they are everywhere.