Hackers steal over 40 BTC from Coinbase within chain of Bitcoin thefts

A string of hacks that targeted Coinbase, the world’s most well-funded Bitcoin wallet, has led to a loss of more than 40 BTC that hit different users of the service.

The main character of this story, reported by The Verge, is Jeff, who lost 10.6 BTC in December of last year (equivalent to around $10,000 at the time). The man, who wanted to keep his last name anonymous, was the victim of a hack and managed to get a refund from Coinbase.

However, a month later, Jeff’s account was attacked for a second time and he lost an additional $7,000, besides his original amount. He was able to save the $7,000, but not the 10.6 BTC, as Coinbase refused to refund him again.

But Jeff is not the only one: there are two other registered thefts that resulted in the loss of $21,000 and more unconfirmed reports at Coinbase’s sub-Reddit.

tumblr_inline_mv3iyxG6Zd1rq0xc0The problem, as researchers from the security firm FireEye told The Verge, is Coinbase’s API key. “Used to let third-party apps access Coinbase accounts, the right API key will let any program move Bitcoins in and out of a given accounts. Once the key is compromised, attackers can even access linked bank accounts to purchase more Bitcoins. Users are advised not to authorize the API key if they don’t need it“, reads the article.

Meanwhile, Coinbase released a statement regarding the matter. “While we have security measures in place that are even tighter than some online banking sites, there are still steps we as a company can take to make Coinbase accounts even more secure than average”, the company said.

“We’ve implemented a number of increased security measures, including expanded two-factor authentication measures designed to help lessen the likelihood of successful phishing incidents in the future. We’ve also added an email verification step for key actions, such as when an API key is enabled”, the statement adds, recalling that it is important for “all customers to exercise caution when clicking links to financial institutions or payment services online”.

Bitcoin Video Crash Course 

Dummy-proof explainer videos enjoyed by over 100,000 students. One email a day for 7 days, short and educational, guaranteed.

We hate spam as much as you do. You can unsubscribe with one click.

newest oldest most voted
Notify of

Seems more like the users were not able to keep their devices secure.. So it’s not really Coinbase’s faullt.



Nice of coinbase to take care of that person. I had 22 hacked and removed from BLOCKCHAIN and those fuckers never bothered to even contact me after hundreds of emails…. May those running blockchain all be stricken with cancer and DIE.