If you’re looking to dive into the exciting world of Bitcoin, chances are you’re going to get your start with Coinbase, one of the more reputable of wallet services that boasts about $15 million in Bitcoin transactions per month. As one TechCrunch editorsaid, “It’s the one I would tell my mom to use.” But even the best of Bitcoin can be prone to theft, and as The Verge found out, that susceptibility has lost users upwards of $40,000.
One user named Jeff confirmed to The Verge that hackers managed to swipe 10.6 Bitcoins (totaling around $10,000) from his Coinbase wallet in December of last year. He eventually got his money refunded, but barely a month later, Jeff fell victim to another attack, this time losing $7,000 in addition to his original ten. While he was able to save the additional $7,000, which the hacker had used to make a new Bitcoin purchase, his original 10.6 Bitcoins were gone. Coinbase refused to refund him a second time.
It’s not just Jeff, though; there have also been two other recent Coinbase thefts totaling $21,000. The thing is, it’s not that Coinbase necessarily has some service-wide vulnerability; it’s Coinbase’s API key, which is the code that grants programmers access rights. Part of the appeal of Coinbase is that, according to The Verge, “the right API key will let any program move bitcoins in and out of a given accounts.” So as soon as the key is compromised, hackers pretty much have free reign to do whatever they want with your account.
More than just Coinbase’s API, though, the anonymous nature of Bitcoin itself makes reversing transactions impossible and laundering money far too easy. So regardless of Bitcoin’s appeal as an untraceable, anonymous form of payment, keep in mind that it may not quite be the foolproof solution you’re looking for. [The Verge]
Update 11:05 AM:
Coinbase has reached out and provided us with the following statement.
A few weeks ago, we learned that a small handful of Coinbase customers were victims of a phishing
attack, which resulted in bitcoins being taken from their
accounts. Phishing is unfortunately a common occurrence across the
internet – from banking institutions, to payment processors and
retailers.
While
we have security measures in place that are even tighter than some
online banking sites, there are still steps we as a company can take to
make Coinbase accounts even more secure
than average. We’ve implemented a number of increased security measures,
including expanded two-factor authentication measures designed to help
lessen the likelihood of successful phishing incidents in the future.
We’ve also added an email verification step for key actions, such as
when an API key is enabled.
We
will continue to work diligently to ensure customers can feel safe when
using Bitcoin. Bitcoin offers a number of opportunities to not just
meet, but exceed security levels in
online payments. Additionally, we encourage all customers to exercise
caution when clicking links to financial institutions or payment
services online. In particular, avoid clicking on suspicious or unknown
URLs, always check the URL in the top of the browser
when signing in to make sure it is spelled correctly, and use
updated/modern web browsers at all times. These steps will help prevent
a majority of phishing attacks.
