← Back to context

Comment by 8organicbits

7 hours ago

This doesn't seem like proof to me.

The author got a phishing call and reported it. Coinbase likely has a deluge of phishing complaints, as criminals know their customers are vulnerable and target their customers regularly. The caller knowing account details is likely not unique in those complaints; customers accidentally leak those all the time. Some of the details the attacker knew could have been sourced from other data breaches. At the time of complaint, the company probably interpreted the report as yet another customer handling their own data poorly.

Phishing is so pervasive that I wouldn't be surprised if the author was hit by a different attack.

3 comments

8organicbits

Reply
jclarkcom  7 hours ago

My first thought was someone they tied a blockchain transaction to my name and then traced it backwards. But they also knew my ETH and BTC balances, and date the account was opened. You might be able to figure out the open date by looking at the blockchain but I could never determine how they would know balances for two unrelated cryptos without some kind of coinbase compromise.

  • 8organicbits  6 hours ago

    > but I could never determine how they would know balances for two unrelated cryptos

    There's tons of options. Malware, evil maid, shoulder surfing, email compromise, improper disposal of printouts, prior phishing attack, accidental disclosure.

    • jclarkcom  6 hours ago

      true, I can’t rule those out entirely. I access via iPhone to limit attack surface area, the info was never printed, present in emails, or disclosed to 3rd parties