My Coinbase Account Was Hacked

I was not scammed and that wasn’t phishing; I’ve been literally hacked.

I recently had my Coinbase account hacked, and I want to document every detail with all of you, hoping that this doesn’t happen to anyone else.

Let’s start from the beginning. I’ve been using cryptocurrencies for several years and I use different exchanges; I’ve always preferred to diversify both cryptocurrencies and exchanges, to minimize risks.

I have always been careful and meticulous even in the smallest aspects concerning security; I have always tried to inform myself and I have always followed all the security advice.

For example, I’ve always used 2FA.

But that wasn’t enough to keep me safe, as I was still hacked, and I lost so many cryptocurrencies. They were stolen from me, and I couldn’t do anything to avoid this situation.

On December 28, 2022, while I was searching for a program on the web on my Windows laptop, I unintentionally downloaded a Windows executable.

This is where it all started.
This exe was a virus, and this virus used my Windows PC to do all the following operations: it took over my Coinbase account, converted all the bitcoins I had into Ethereum, and sent all the crypto to two different accounts.

And this is the story, but how was all this possible?

And here a third actor comes into play, called Coinbase.

Coinbase should keep our funds safe, using the 2FA Authenticator, always notifying every transaction and every operation, making sure its customers are always safe.

Well, all this did not happen.

  • The first problem I found is that on the Windows PC, I hadn’t logged in to the Coinbase web application for several months. In theory the application should log out automatically if it hasn’t been used for several months, so why hasn’t this happened? I only use the Coinbase app on my phone; I never use it on my PC.
  • The second problem is that only the Coinbase app was hacked, not the Coinbase wallet, not Binance, not Metamask….
  • The third problem is that the funds have been transferred without using the 6-digit Google Authenticator code. How is this possible? The 2FA was active but was bypassed.
    When I have to withdraw my funds I am asked for the 6-digit Google Authenticator code, so how was it possible to circumvent this security? I’ve always had the 2-factor authenticator active, so why didn’t it work on this occasion?
  • The fourth problem is that I was not sent any confirmation email, or message on the mobile number. Nothing, all silent. Didn’t even see this coming, like the perfect crime.

Usually, when I use the account, all this information is asked, and everything is reported via email.

Furthermore, only the Ethereum was sent; the bitcoin I had was converted into Ethereum, and the other cryptos remained in the Coinbase account, which is also very strange.

All of the security protocols appear to have been bypassed, and whoever wrote the code knew the Coinbase security inside out, and knew how to bypass it.

I have the executable that did all this, and I can also share it with you. I’m analyzing the code after reverse engineering it.

The two Ethereum wallets that stole my cryptos:

Ethereum Scam Wallet N1 0xc09f36317566e05a6748f6cd5c251a12d392a012

Ethereum Scam Wallet N2 0xc09f36317566e05a6748f6cd5c251a12d392a012

Day One

On December 28, 2022, I started seeing some strange movements on my Coinbase account.
I wasn’t even logged into my account from my PC, and I got two notifications on my Android phone.
No confirmation, just two notifications on Android:
The first notification, of converting my bitcoins into Ethereum.
The second notification, of sending all my Ethereum to another address (the two addresses I have pasted before).

Very surprised, and panicked, I realized something was wrong, and rushed to block my Coinbase account from my phone.

And here all the problems begin.
The customer support number doesn’t work. I called dozens of times; it didn’t even seem to be active and no one was answering.

I have written more than 50 emails to Coinbase customer support, and nobody wants to help me; they even refuse to answer my questions and concerns. They don’t even want to analyze the executable that did all this, or verify why 2FA didn’t work.

Day Two

My account is still blocked. Coinbase customer support replied to my emails in a generic way, without giving any concrete help. This is one of their answers to my concerns:

Coinbase Support Reply

I answered all their questions, and in the meantime asked about the status of my account:

  • How much crypto had been stolen?
  • Why didn’t 2FA work?
  • Why didn’t I receive any email or confirmation message?
  • Why wasn’t I asked for the 6-digit Google Authenticator code?
  • Why was my account active on a device where I hadn’t been logged in for months?
  • Why was Coinbase the only exchange that had the problem, while the other exchanges are much safer and do not have these security problems?

All questions that will remain unanswered.

Analyzing Etherscan.io Wallet

Etherscan.it

The image is from etherscan.io, and at this link you can see all the details of the hacker’s wallets.

https://etherscan.io/address/0xc09f36317566e05a6748f6cd5c251a12d392a012

Analyzing the wallet on etherscan.io, it is clear that the wallet is very active; therefore several people have been hacked, and they continue to steal crypto from various people.

And Coinbase does not take any steps, not even blocking this account, to prevent sending cryptocurrencies to this wallet.

Day Three

One of the first things I did was report this to the FBI.
I have described all the details of what happened, inserting all the data and the players involved.
I am hoping that after this complaint, the FBI and Coinbase will take the incident seriously and begin to investigate, to prevent similar episodes from happening again in the future.

It is very important to report everything to the FBI, as the exchanges will not seriously answer my questions and concerns.
But they are obligated to cooperate and answer all questions and investigations that will be made by the FBI.

If something similar has happened to you too, remember to file a complaint at the following link: FBI Complaint Form

Decompiling the Virus

I started analyzing the virus, to understand how they managed to bypass all the security of Coinbase.
I’m very skeptical that anyone can write code that hacks Coinbase.
The developers who wrote this code knew exactly what they were doing.
They were perfectly familiar with all of Coinbase’s security measures and weaknesses.

It almost looks like an inside job.

I hope some of you can give me some advice or help me.
Also, if anyone has had a similar experience, you can write to me at the following email:
info@elegantweb.it

Also, if you found this post useful, or if you want to help me, make a small donation so that I can buy my crypto again.

Thank you.
