Most active commenters

    ←back to thread

    Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

    (www.cnbc.com)
    410 points gpi | 11 comments | 15 May 25 15:52 UTC | HN request time: 1.291s | source | bottom
    Show context
    thepasswordis ◴[15 May 25 16:40 UTC] No.43996769[source]
    The problem is that it seems like the data that leaked is also the data that would be used to do account recovery.

    And what that means is that

    1) If you lose access to your account (through either your own fault, or coinbases fault) that the process of recovering it may not be so straightforward anymore.

    2) Hackers can try to “recover” accounts now using this leaked info.

    This is a huge problem. What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

    The only solution here is: hardware 2 factor like yubikeys.

    replies(9): >>43996798 #>>43998374 #>>43998426 #>>43999299 #>>43999324 #>>43999430 #>>43999499 #>>43999782 #>>44001348 #
    SimianSci ◴[15 May 25 19:21 UTC] No.43998374[source]
    The Crypto industry continues their speedrun of rediscovering all of the reasons for why the global financial system exists.

    What you've described is the same thing that many Crypto enthusiasts call a "Bank"

    replies(3): >>43998471 #>>43999321 #>>43999346 #
    1. knowitnone ◴[15 May 25 19:33 UTC] No.43998471[source]
    except banks staff can easily be bribed too. There is plenty of bank fraud happening.
    replies(3): >>43998520 #>>43998829 #>>43999576 #
    2. nipponese ◴[15 May 25 19:39 UTC] No.43998520[source]
    I can walk into a bank branch and show documents.

    I guess I can walk downtown to CB HQ, but something tells me I won't get past the front desk.

    3. suzzer99 ◴[15 May 25 20:10 UTC] No.43998829[source]
    If my bank money gets stolen from me via fraud (unless I literally just Zelle the scammer), I get it back. That's the big difference.
    replies(2): >>44001390 #>>44005810 #
    4. victorbjorklund ◴[15 May 25 21:38 UTC] No.43999576[source]
    Can you show us that? Where the consumer is left with no money at all and bank does not take the loss.
    replies(1): >>44000958 #
    5. hiatus ◴[16 May 25 01:18 UTC] No.44000958[source]
    Go Zelle someone and try to get the money back.
    replies(2): >>44002259 #>>44017214 #
    6. SoftTalker ◴[16 May 25 02:45 UTC] No.44001390[source]
    Zelle is ultimately a bank transfer. Yes they say to consider them like sending cash, but a bank transaction is at least tracable to a real account owner, who could then be pursued in the case of fraud, and it well might be reversible if push came to shove or if there is documented fraud.
    7. xeromal ◴[16 May 25 06:06 UTC] No.44002259{3}[source]
    When I was "hacked" two years ago, their final hurrah before I finally got everything offline for a time, they sent zelles as much as they could and was able to recover it without any loss on my end.
    replies(1): >>44004393 #
    8. hiatus ◴[16 May 25 12:03 UTC] No.44004393{4}[source]
    I guess things have changed since it has not always been the case that the bank would reimburse you.

    https://www.nytimes.com/2022/03/06/business/payments-fraud-z...

    replies(1): >>44005026 #
    9. xeromal ◴[16 May 25 13:07 UTC] No.44005026{5}[source]
    Yeah, I think it truly depends on whether you hit the send button or not. Since I was hacked, it wasn't me hitting the send button.
    10. anton-c ◴[16 May 25 14:16 UTC] No.44005810[source]
    I know it's the massive exception but I was reimbursed when the exchange that tried to rugpull its users felt legal pressure. Things have changed slightly over the years - don't get me wrong, scams are still rampant.

    It's been ages since I was in college and had an overdraft or some other bs bank related fee, but the bank manages to 'scam' you legally too. I'm just playing devils advocate and sharing an anecdote, I'm minimally involved in crypto anymore.

    11. victorbjorklund ◴[17 May 25 21:44 UTC] No.44017214{3}[source]
    If YOU are the one sending the money of course it is not a hack etc becuase YOU are sending it. If Zelle is hacked and someone steals your money through that hack you will not be left with the loss.