Discussion in 'CryptoCurrency' started by Inconite, Apr 17, 2019.
Its not Coinbase issue if he lost money from Skrill aswell. Just saying.
Malware has become rampant in crypto. Do you have ANY plugins on your browsers or phone? Do you have any non-legit software installed? Any weird apps on your phone? Could be any piece of software or app, not even crypto related, such as stupid weather app or anything like that.
Could also be on USB sticks that you've bought online and used for your computer, SD cards, etc. Hackers are finding crafty ways to embed code that will allow them access to your coin accounts.
Your OS must have been compromised.
I couldnt see in the thread above but did anyone ask what form of 2FA you were using with your email, coinbase & skrill?
The issue was with 2FA. even if the hacker got my passwords he shouldn't have gone through 2FA. that indicated that 2FA is not reliable.
I was using authy for coinbase, Google Authenticator for Skrill and mobile sms code for Gmail account.
I did format my PC after hacking incident but I don't think my PC had any malware. I always used latest version of software and malware security.
You've been hacked twice with 2FA enabled on two different sites. It's either your phone or your PC.
Also, haven't used Authy, but if you're using something like their browser extension, then stop and change your 2FA keys. The whole point of 2FA is keeping things separate.
If you don't own the private keys it isn't your money.... How long will it take people to learn
Most pro traders use dedicated trading computers. if you're serious about protecting your money, you might consider that, as well as storing your coins off the exchanges. Look at getting Ledger or Trezor.
Right but technically in crypto, nobody "owns" the private key. It is not tied to any person. If someone can figure out your private key, then it becomes theirs to take.
To the OP, did you by any chance make copies of 2FA QR codes as a backup anywhere?
IMO .. Though you might not agree with me. .
Best bet is that you were engineered and not coinbase. If there were discovered flaw in coinbase 2FA or coinbase was faulty, they wouldn't go for your account .. there are many accounts out there over $15k. And there would already be an outbreak.
Who knows though.
Don't store your Bitcoin in any of the online digital wallets, they code the same level as Facebook or less.
iPhone6 is no longer secure, you will need upgrades to better hardware.
I suggest you call your phone line provider immediately for one question: How many simcards do I have attached to this current line I am using to call you?
thats bad...hope coinbase not respon your tickets in next year like they usually did
I'm no expert in 2FA, but having the algorithm doesn't seem like it would mean you could hack people at will. (By the way the likelihood of some low-medium level hacker having an accurate working knowledge of any major 2FA algo is beyond infinitesimally-small.)
An algorithm is just a set of rules doing something computationally or mathematically, but if part of the process is tied to the phone itself which you don't have access to then it means dick having the algo.
Every phone gets different 2FA's on Google Auth etc (ie. all getting 291849 at the same time would defeat the purpose of it just a bit), and the fact that globally 2FA is still widely used without the system breaking down (ie. random intermittent thefts on a large scale) means that Google calculates the digits securely and sends to your phone and having knowledge of the algorithm without also having the phone would mean nothing - otherwise 2FA would collapse very quickly and it would be a global news story.
What's much more likely is that someone else with physical access to your phone is stealing your money. If it's happened twice on two different platforms then it fits a pattern that the security issue is a human vulnerability as opposed to a technological vulnerability. The only other logical answer would be some kind of malware or spyware on your phone which can scrape your 2FA and transmit it over your wifi/4g instantly. Get a new phone, install Google Auth, and use brand new passwords to lock your phone which you keep to yourself.
I wouldn't think that saying it's a flaw with Coinbase is accurate, only because their system is relying on the 2FA not to be known by anyone else but you and how can they tell if it's you or someone else. My feeling is that 2FA is rock solid when other people can't access it as well.
yeah pretty sure that is not coinbase, but you. Someone finding way to break 2fa and go for your $650 worth of crypto.. kind of hard to believe.
i think OP ever told someone about his coinbase access
Coinbase has the option to not ask for 2FA for 30 days, if you select it when logging in from the browser. Would be pretty easy to access an account if someone has your email and password.
No, because this is limited to the current device only. If you log in like this from another device, it will still ask you for 2FA because of access from an unknown device.
In this case, I suspect it was the OP's device that got compromised.
That was what I was kind of implying.
i really think someone who has access to your pc or whatever device you used in managing your coins , took your money
CB account with 2fa requires verification before accessing funds, which cant be brute force or phised. you mention something similar happend with skrill i would advice you scan your device for malware or phising app etc.
Separate names with a comma.