Beginning of December I jumped into the BTC fray, started with 3 BTC. I figured I was long on these and *should have* converted these to paper, but let them sit there for the time being.
I turned on 2-factor authentication with Authy, and I did turn on my API to run a Windows app (Bitcoin Tradr) so I could have a running ticker on my metro panel. I completed all the verification steps with Coinbase so I could start instant purchases down the road. Also, I downloaded the COinbase app to my Android phone.
Fast forward a month... I'm out working in the yard this afternoon and my email alert goes off and my heart jumps into my throat: 3 BTC transfered to a unknown wallet and Coinbase shows a pending transaction for 1 BTC and that was already transferred out as well. Rush to the laptop, no BTC in my account, one pending purchase, and a total of 4 BTC moved out.
![Sad](https://bitcointalk.org/Smileys/default/sad.gif)
Immediately remove my bank account and credit card info from Coinbase. No transactions showing on their websites, but I'm sure something will hit in the next day or two - both the bank and the backup credit card said they cannot preemptively stop a EFT transaction, so... dispute as fraud when it hits?
About 2 hours ago, looks like a bunch of new wallets were created on my account, not sure why...
Disabled API key, changed password, email Coinbase - no response as of yet.
The receiving wallet is 18XmFQ6YCsJDbtBxvQcNgyUNwh8MkpoMv4 - what's weird is when I look at account activity my IP address is the only one listed.
So, where'd I go stupid (besides failing to convert to paper) - was it the Bitcoin Tradr app? Is there a weakness in Coinbase's API hosting?
I figure I'm SOL on at least the three coins, the fourth one is kindof up-in-the-air, Coinbase may have to eat that one. If anyone has any sage advice I'm all ears...