← Back to context

Comment by donatj

4 months ago

About a year ago I got an email from an actual Coinbase email address telling me that my account had been compromised. It included a case number.

Trying to log in with my username and password did not work. Moments later I get a phone call, the caller id says that it is Coinbase. Guy on the phone with a thick German accent tells me he's calling about my account and gives me the case number from the email. I know damn well never to trust a phone call you did not initiate, so I'm kind of just stringing the dude along on the phone.

I remember that I had set up a passkey, and try it. I get in with that and immediately run to the emergency "lock my account" button. I tell the guy on the phone that I have clicked it and after a bit of "uhmmm..."-ing and "hmmm..."-ing he just hangs up.

I call Coinbase support and they verify some recent transactions and ask me to forward them the email, and that's that. I still have no idea what the actual attack was or how they changed or invalidated my password. Best I can tell they did not manage to actually get in to my account.

I ended up changing my password to just about everything out of caution.

2 comments

donatj

Reply
cute_boi  4 months ago

Last time I called boss money transfer, i called them and their real agents told me they must call me to verify. I was like, how would I know if it is boss money transfer or scammer. At the end I had to trust because voice was same.

imp0cat  4 months ago 

     how they changed or invalidated my password.

Probably just too many invalid login attempts.