Twitter thread shows Coinbase’s servers may be compromised
A Coinbase user recently shared a Coinbase-related scam story indicating that the exchange’s servers might be compromised.
Jacob Canfield, a YouTube host and bitcoin enthusiast, claimed he received a text message about a changed two-factor authentication (2FA) setting on their Coinbase account. Shortly after, he got three phone calls from an individual claiming to be a Coinbase customer support representative. The calls originated from a San Francisco number, adding to the illusion of legitimacy.
During the calls, the impersonator asked whether Canfield was traveling outside the US and whether he had requested changes to the email or 2FA settings. Although the trader denied travel plans and insisted he hadn’t initiated any changes, the scammer insisted on revealing the verification code.
The scammer also intended to redirect Canfield to a “security team” to verify the account and prevent suspension. The scammer possessed the user’s name, email address, and location to establish credibility. They even sent a fraudulent email from [email protected] to the user’s email containing a seemingly legitimate verification code.
Canfield immediately changed his Coinbase account password and 2FA settings. However, the scammer insisted those actions would not suffice for verification and threatened to lock the account for seven days unless the user provided the verification code. When Canfield refused, the scammer abruptly ended the call.
The incident raised concerns about a potential attack on Coinbase’s servers. In the replies, users shared similar stories involving the impersonators who claimed to be from the exchange’s support.
Moreover, another user reported a similar case on ChainAbuse in November 2022. According to the post, the amount lost was over 13 BTC (around $360,000).
In Canfield’s case, the hackers not only had his data, which would mean a data breach. They were also able to spoof the email as if it were from @coinbase.com which looks like an alleged hack. The domain and some less critical servers could probably be compromised.
Crypto.news has requested an official comment from Coinbase regarding the matter.