Bitcoin Forum
November 08, 2024, 05:44:30 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Good thing for two-factor authentication. Coinbase account definitely hacked.  (Read 2924 times)
jbrock11 (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
March 10, 2014, 06:31:09 PM
Last edit: March 13, 2014, 12:34:13 PM by jbrock11
 #1

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

*Edit*: This stupid fu*k has now hacked into my email. Anybody else out there with a little hacking no how, feel free to return the favor.
 IP = 27.20.238.204
pbj sammich
Sr. Member
****
Offline Offline

Activity: 272
Merit: 250


Fighting Liquid with Liquid


View Profile
March 10, 2014, 06:32:43 PM
 #2

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and has a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

Just out of curiousity, where you a Gox customer?
drrussellshane
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500


View Profile
March 10, 2014, 06:32:47 PM
 #3

Good thing you used two-factor authentication!

Bitcoin-related sites, as a rule, should offer TFA.

Buy a TREZOR! Premier BTC hardware wallet. If you're reading this, you should probably buy one if you don't already have one. You'll thank me later.
jbrock11 (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
March 10, 2014, 06:39:50 PM
 #4

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and has a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

Just out of curiousity, where you a Gox customer?
Nah, don't really mess with the exchanges much. Even though I do have an account on Cryptsy.
jbrock11 (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
March 10, 2014, 06:41:50 PM
 #5

Good thing you used two-factor authentication!

Bitcoin-related sites, as a rule, should offer TFA.
Yea, I'm thinking it should be a requirement to start an account with all these sites. I know it's the early days and better security will be coming in the future but right now, it's the wild west out there. Can't take any chances. Especially when nobody is really offering insurance right now.
fivejonnyfive
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
March 10, 2014, 06:47:09 PM
 #6

I mean, I'd argue that it is safe BECAUSE of the 2 factor auth. It did exactly what it was supposed to, no?
jbrock11 (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
March 10, 2014, 06:55:31 PM
 #7

I mean, I'd argue that it is safe BECAUSE of the 2 factor auth. It did exactly what it was supposed to, no?
The two-factor did but as I said, it's still just an option on Coinbase. Luckily I had it turned on.

I'd expect more out of their site security though. My password was pretty difficult but that didn't seem to matter at all.
Arksun
Sr. Member
****
Offline Offline

Activity: 616
Merit: 250



View Profile
March 10, 2014, 06:57:03 PM
 #8

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

I don't get it, someone made a password recovery request pretending to be you, anyone can do this, with any website, anywhere. So Coinbase shouldn't offer password recovery? As long as they don't also control your email account whats the problem?

.
      ▄▄█▀▀█▄▄
  ▄▄█████▄▄█████▄▄
████  ███  ███  ████
  ▀▀█████▀▀█████▀▀

▀█▄▄  ▀▀█▄▄█▀▀   ▄▄█
 ▀▀███▄▄     ▄▄██▀██
     ▀███   ██▀  ▄█
██     ██  ██ ▄██▀██
▀██    ██  ███▀  ▄██
 ▀███▄▄██  ██ ▄███▀
    ▀▀███  ▀██▀▀
Just.Bet 
 
 
 
█▀▀▀▀▀










█▄▄▄▄▄
.
DICE
LOTTERY
PLINKO
.
COIN FLIP
CRASH
WHEEL
▀▀▀▀▀█










▄▄▄▄▄█
.
        ███████       ▄▄██▄
                  ▄▄███▀▀██▄
      ██████   ▄███████▄▄███▄
               ▀██  █████████▄
                ▀█████████▀▀██▄
████████████     ▀███▀▀███▄▄██▀
██  ████  ██      ▀██▄▄███▀▀
█████▀▀█████  ██   ▀██▀▀
█████▄▄█████
██  ████  ██   ██████
████████████
.
DECENTRALIZED
PROVABLY FAIR
ON CHAIN GAMES
█▀▀▀▀▀










█▄▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
PLAY NOW
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀▀█










▄▄▄▄▄█
[/center]
greenlion
Hero Member
*****
Offline Offline

Activity: 667
Merit: 500


View Profile
March 10, 2014, 07:26:13 PM
 #9

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

I don't get it, someone made a password recovery request pretending to be you, anyone can do this, with any website, anywhere. So Coinbase shouldn't offer password recovery? As long as they don't also control your email account whats the problem?


I would immediately change your email account's password, because the above scenario is absolutely correct, and for someone to have bothered to do this in the first place, they likely would've had reason to believe they were in control of your email.
farlack
Legendary
*
Offline Offline

Activity: 1310
Merit: 1000



View Profile
March 10, 2014, 08:21:52 PM
 #10

I mean, I'd argue that it is safe BECAUSE of the 2 factor auth. It did exactly what it was supposed to, no?
The two-factor did but as I said, it's still just an option on Coinbase. Luckily I had it turned on.

I'd expect more out of their site security though. My password was pretty difficult but that didn't seem to matter at all.

So the 2F worked, how is it unsafe?
101Official
Newbie
*
Offline Offline

Activity: 32
Merit: 0



View Profile WWW
March 10, 2014, 08:33:45 PM
 #11

So the 2F worked, how is it unsafe?

Sounds like everything is working as expected.
nanobtc
Hero Member
*****
Offline Offline

Activity: 605
Merit: 634



View Profile WWW
March 10, 2014, 09:31:17 PM
 #12

Statistically, your home PC is probably a greater risk than Coinbase.

Lennon: "free as a bird"
cozytrade
Sr. Member
****
Offline Offline

Activity: 1162
Merit: 310


Vave.com - Crypto Casino


View Profile
March 10, 2014, 10:24:04 PM
 #13

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

Password reset request does not indicate any successful hack. How come do you think your account is definitely hacked.

Just because it is from China?  Tongue

amspir
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 10, 2014, 10:56:19 PM
 #14

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

It just means somebody who has your email address submitted it to coinbase.  If they compromised your email, then you would have a problem.

Vitamin
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
March 10, 2014, 11:16:28 PM
 #15

Statistically, your home PC is probably a greater risk than Coinbase.

Is there proof of this?
drrussellshane
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500


View Profile
March 10, 2014, 11:21:01 PM
 #16

Statistically, your home PC is probably a greater risk than Coinbase.

Is there proof of this?

I think that they were speaking generally...

However, Coinbase likely spends a great deal more money than many here do, for the sake of securing their computer systems. Although Coinbase may be targeted more than the average PC or whatever, they also are cognizant of that, and so they take steps to prevent having security threats, which is evidenced in part by the fact that they haven't suffered from any "hacks" to my knowledge.

Buy a TREZOR! Premier BTC hardware wallet. If you're reading this, you should probably buy one if you don't already have one. You'll thank me later.
edok
Full Member
***
Offline Offline

Activity: 167
Merit: 100


View Profile
March 10, 2014, 11:40:13 PM
 #17

Statistically, your home PC is probably a greater risk than Coinbase.

I trust exchanges way more than I trust myself and my setup.

amspir
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 11, 2014, 12:08:41 AM
 #18

Statistically, your home PC is probably a greater risk than Coinbase.

Is there proof of this?

I can't vouch for any statistical analysis, but when I last looked at my router logs, I'd see an average of 5 probes (A single IP addresses looking for open ports) a day.  About 40% are Chinese, usually attached to a university, followed by probes from Russia, then other European and US addresses in number.   It's a little unnerving when you are aware that random people checking the lock on your door several times a day.
nanobtc
Hero Member
*****
Offline Offline

Activity: 605
Merit: 634



View Profile WWW
March 11, 2014, 12:50:44 AM
 #19

I wasn't pointing a finger at the OP for being insecure, I should have worded that better, sorry. Coinbase has to comply with AML laws of 50 states. I *know* that they have had to jump through a thousand hoops to do that. I work with network security, and PCI compliance (Payment Card Industry). My work is going through PCI tests now, and it is a huge headache.

Statistically, the chances are high that the OP is using Windows, which also 'by the numbers' has the highest chance of being broken into. Microsoft is dropping all updates for XP on April 8. I got an email today, estimating that 30% of people are still running XP. With no more security updates, XP will become a playground for black hats. Anyone that runs a local wallet on XP is foolish and at risk. Encrypt your wallet at the very least, please get rid of of XP at the best. Even if your wallet.dat is local, and encrypted, a keystroke logger gives  up all your passwords to everything that you log in to.

The OP may be a Mac guy, or a Linux guru, in which case that chances are very low that his PC got broken in to. Still, Coinbase has to live by much higher standards than any of us do. 2FA is a very good thing, everyone should use it when they can. Logs can be scary when you look at them, but all of that is firehose probing for common default vulnerabilities. Nobody has singled you out.

MtGox was in Japan, they had no such laws to comply with. I recommend Coinbase to my friends and family in the USA.

Lennon: "free as a bird"
joshua3m
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
March 11, 2014, 12:59:14 AM
 #20

to the OP even account with 2fa isn't safe every time... rooting your phone you are letting some people free in plus there is such a big amount of malware in play store that sooner or later someone will get what they want...

https://www.youtube.com/watch?v=6oAQoDfeN08

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!