Hackers Have Stolen $40,000 From Bitcoin's Biggest Wallet Service

If you're looking to dive into the exciting world of Bitcoin, chances are you're going to get your start with Coinbase, one of the more reputable of wallet services that boasts about $15 million in Bitcoin transactions per month. As one TechCrunch editor said, "It's the one I would tell my mom to use." But even the best of Bitcoin can be prone to theft, and as The Verge found out, that susceptibility has lost users upwards of $40,000.

One user named Jeff confirmed to The Verge that hackers managed to swipe 10.6 Bitcoins (totaling around $10,000) from his Coinbase wallet in December of last year. He eventually got his money refunded, but barely a month later, Jeff fell victim to another attack, this time losing $7,000 in addition to his original ten. While he was able to save the additional $7,000, which the hacker had used to make a new Bitcoin purchase, his original 10.6 Bitcoins were gone. Coinbase refused to refund him a second time.

It's not just Jeff, though; there have also been two other recent Coinbase thefts totaling $21,000. The thing is, it's not that Coinbase necessarily has some service-wide vulnerability; it's Coinbase's API key, which is the code that grants programmers access rights. Part of the appeal of Coinbase is that, according to The Verge, "the right API key will let any program move bitcoins in and out of a given accounts." So as soon as the key is compromised, hackers pretty much have free reign to do whatever they want with your account.

More than just Coinbase's API, though, the anonymous nature of Bitcoin itself makes reversing transactions impossible and laundering money far too easy. So regardless of Bitcoin's appeal as an untraceable, anonymous form of payment, keep in mind that it may not quite be the foolproof solution you're looking for. [The Verge]

Update 11:05 AM:

Coinbase has reached out and provided us with the following statement.

A few weeks ago, we learned that a small handful of Coinbase customers were victims of a phishing attack, which resulted in bitcoins being taken from their accounts. Phishing is unfortunately a common occurrence across the internet – from banking institutions, to payment processors and retailers.

While we have security measures in place that are even tighter than some online banking sites, there are still steps we as a company can take to make Coinbase accounts even more secure than average. We've implemented a number of increased security measures, including expanded two-factor authentication measures designed to help lessen the likelihood of successful phishing incidents in the future. We've also added an email verification step for key actions, such as when an API key is enabled.

We will continue to work diligently to ensure customers can feel safe when using Bitcoin. Bitcoin offers a number of opportunities to not just meet, but exceed security levels in online payments. Additionally, we encourage all customers to exercise caution when clicking links to financial institutions or payment services online. In particular, avoid clicking on suspicious or unknown URLs, always check the URL in the top of the browser when signing in to make sure it is spelled correctly, and use updated/modern web browsers at all times. These steps will help prevent a majority of phishing attacks.