Coinbase Offers Broader Security After BTC Thefts from Phishing Attack

Coinbase Offers Broader Security After BTC Thefts from Phishing AttackSan Franscisco-based Coinbase, the best funded and most promising of U.S. bitcoin wallet services, has been having theft issues, but the scale of the incidents is uncertain.
Backed by $25 million from Andreessen Horowitz, Coinbase has had explosive growth, likely approaching 1 million customers later this year.
But even the more reliable bitcoin startups such as Coinbase are not immune from hacker-thieves. Coinbase provides a payment platform for businesses and trading for individuals who can sell and cash-in their BTCs via their bank accounts.
“A few weeks ago, we learned that a small handful of Coinbase customers were victims of a phishing attack, which resulted in bitcoins being taken from their accounts,” Coinbase said in a blog post Friday. “Phishing is unfortunately a common occurrence across the internet – from banking institutions, to payment processors and retailers.”
Coinbase has become a bit of haven for bitcoiners looking for credibility and reliability in the movement of bitcoins and seamless integration with the U.S. dollar.
But The Verge painted a larger scale problem at Coinbase, calling it “a string of Bitcoin thefts that have hit the service in recent weeks.”
A Coinbase user named Jeff, who lost 10.6 bitcoins December was profiled. Jeff’s story took an unusual twist. His refunded money was stolen from the service yet again. The Verge also said that two separate thefts hit Coinbase users for amounts of $16,000 and $5,000, respectively. The total of the thefts, the media report said, is about $40,000.
That may be considered small-scale for a bitcoin wallet enterprise that crossed 650,000 users in mid-December. But the true scale is not known.
Nonetheless, Coinbase has detailed has responded with additional security measures.
“While we have security measures in place that are even tighter than some online banking sites, there are still steps we as a company can take to make Coinbase accounts even more secure than average,” Coinbase said. “We’ve implemented a number of increased security measures, including expanded two-factor authentication measures designed to help lessen the likelihood of successful phishing incidents in the future.  We’ve also added an email verification step for key actions, such as when an API key is enabled.”
Coinbase is also introducing the ability for each user to have multiple API keys with different sets of permissions. This means that users won’t have to share one key between applications — especially global permissions is enabled, increasing the risk of a security breach.
“All keys created from now on, will be accompanied by a secret, that you will use to sign requests as you make them,” Coinbase said. “This is called HMAC Authentication.”
Some advice from Coinbase:
“Additionally, we encourage all customers to exercise caution when clicking links to financial institutions or payment services online. In particular, avoid clicking on suspicious or unknown URLs, always check the URL in the top of the browser when signing in to make sure it is spelled correctly, and use updated/modern web browsers at all times. These steps will help prevent a majority of phishing attacks.”

Leave a Reply

Your email address will not be published. Required fields are marked *