Here’s How Hackers Can Access Your Coinbase Account

It’s not as difficult as it should be. In fact, all they need is your name and cell phone number.

Alexis Axon
Published in The Dark Side
Jul 22, 2019

Step 0:

While not always necessary, the best hackers will attempt to get your personal information (like your address or date of birth) by searching your social media accounts, purchasing it on the dark web, or attempting a phishing attack. This information will make it easier to bypass security in Step 2.

Step 1:

Your attacker will contact your cell phone provider, either by phone or in person, while impersonating you. They’ll tell the customer service representative that they want to transfer “their” phone number to a new device, saying that their old phone was lost or stolen.

Step 2:

The customer service representative will probably ask them a few security questions. If they did not collect all of the necessary information in Step 0, they will use social engineering (a sob story) to get the representative to bypass these security measures. This usually works, and if it doesn’t, they’ll simply try again with a different representative at a different store location.

Step 3:

Once they have gained access to your phone number, they will use the “forgot my password” function on your Coinbase account. The company will text them the steps to reset your password, thereby granting them full access to your account. They are then free to withdraw your coins, leaving you with no recourse.

This is called a SIM porting attack (also called SIM swapping, SIM hijacking, or phone porting) and it happens every day. Notable victims have included Selena Gomez, Cody Brown (founder of IRL VR), and even Dena Haritos Tsamitis, the founder of Carnegie Mellon University’s cybersecurity and privacy institute. Countless other victims have had their Coinbase accounts hacked, but needless to say, the company would rather not acknowledge the extent of the issue.

How To Protect Yourself

The easiest thing to do is to call your phone provider and set up additional security procedures for your account, such as requiring a password to switch your phone number to a new device. However, this still does not protect you from an inside job or a well-meaning customer service representative who is susceptible to a good sob story.

The only way to truly protect yourself is to transfer your coins to a fully noncustodial wallet, like TrustlessBank. As long as you have full control of your private keys, not even employees of your wallet provider can access your private information or give unauthorized access to your account. You also avoid high fees and account freezes with this decentralized model.

Be sure to follow me for more and check out TrustlessBank’s active Telegram chat.
