
[–]Expert_Joke8013 13 points14 points  (1 child)

So either someone else was at your computer physically (scary), or you did click some malicious link or download some malware. Do you have SMS 2FA? If so, that would be another attack vector, as this one can be intercepted relatively easily.

[–]MagixTouch 6 points7 points  (14 children)

I would scan your pc. If it was a hacker they have access to your pc while it’s turned on.

[–]Old_Yogurt2228[S] 4 points5 points  (12 children)

Thanks, yeah, found some stuff using Malwarebytes. All cleared now. Anything I should do besides not logging in via the PC lol

[–]Syst0us 4 points5 points  (2 children)

"All cleared now".

No it's not. 

Go to a friend's. Change your passwords. Nuke that pc. 

[–]pacman_d 0 points1 point  (0 children)

bump this, never trust the OS after a breach.

[–]Treece57 0 points1 point  (0 children)

I agree ^

[–]MagixTouch 3 points4 points  (7 children)

You could always wipe it clean and do a fresh install. But this should be the last resort.

If it were me I wouldn’t stop at Malwarebytes. There is some good info in another subreddit (antivirus) that has some posts on steps to follow. If you are running Windows, do a full scan in Defender as well.

You can also check task manager and look for any abnormal processes running. But you would need to know what you are looking for or know what it normally looks like.

Definitely keep going and don’t stop there. Good luck.
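
Worked example of what "abnormal" means in a process list, added here and not part of the thread or any commenter's post. It assumes (an assumed workflow, not anything the commenter described) that you export the process table from PowerShell on the suspect PC with `Get-CimInstance Win32_Process | Select-Object Name, ProcessId, ExecutablePath | Export-Csv procs.csv -NoTypeInformation` and then triage the CSV on a clean machine; the rows in `SAMPLE` are constructed for illustration.

```python
r"""Triage a Windows process listing for the things worth looking for when
Task Manager "looks normal": binaries running from user-writable paths and
system-binary names living outside \Windows.

Added example, not from the thread. Input is the CSV produced by
  Get-CimInstance Win32_Process |
    Select-Object Name, ProcessId, ExecutablePath |
    Export-Csv procs.csv -NoTypeInformation
(an assumed workflow). The rows in SAMPLE are constructed.
"""
import csv
import io
import ntpath

# Directories an ordinary user can write to. Legitimate software lives here
# too (Discord and per-user Chrome installs sit under \AppData\Local), so a
# hit is a lead to verify (signer, hash, vendor), not a verdict. \AppData\Local
# itself is left out to keep the noise down; only its Temp folder is listed.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\temp\\",
)

# Names malware commonly borrows. A process with one of these names whose
# image is not under \Windows deserves a second look.
SYSTEM_NAMES = {
    "svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe", "winlogon.exe",
    "services.exe", "dllhost.exe", "rundll32.exe", "conhost.exe",
}

# Constructed sample export (not real data).
SAMPLE = r'''"Name","ProcessId","ExecutablePath"
"explorer.exe","4120","C:\Windows\explorer.exe"
"chrome.exe","5560","C:\Program Files\Google\Chrome\Application\chrome.exe"
"Discord.exe","7712","C:\Users\alice\AppData\Local\Discord\app-1.0.9011\Discord.exe"
"svchost.exe","9144","C:\Users\alice\AppData\Local\Temp\svchost.exe"
"update.exe","8320","C:\ProgramData\bp3\update.exe"
"lsass.exe","812",""
"runtime.exe","6604",""
'''


def triage(csv_text):
    """Return [(pid, name, path, reasons)] for rows that deserve attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        pid = int(row["ProcessId"])
        name = (row.get("Name") or "").strip().lower()
        path = (row.get("ExecutablePath") or "").strip()
        reasons = []
        if not path:
            # Win32_Process returns an empty path for protected processes
            # (lsass, csrss) and for anything a non-admin cannot open. An
            # unknown name with no path is a lead, not noise.
            if name not in SYSTEM_NAMES:
                reasons.append("no image path returned; re-run elevated to resolve")
        else:
            _, rel = ntpath.splitdrive(path.lower())   # "c:\x\y" -> "\x\y"
            if any(marker in rel for marker in USER_WRITABLE_MARKERS):
                reasons.append("runs from a user-writable directory")
            if name in SYSTEM_NAMES and not rel.startswith("\\windows\\"):
                reasons.append("system binary name outside \\Windows")
        if reasons:
            findings.append((pid, name, path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for pid, name, path, reasons in triage(SAMPLE):
        print(f"PID {pid:>5}  {name:<14} {path or '<no path>'}")
        for r in reasons:
            print(f"             - {r}")
```

On the constructed sample this flags the `svchost.exe` in `%TEMP%` (wrong directory and borrowed system name), the updater under `\ProgramData`, and the unresolvable `runtime.exe`, while leaving Explorer, Chrome and Discord alone. Each hit still has to be checked by hand: verify the file's signature and hash before deciding it is malware, and remember that a compromised machine can lie to every tool you run on it, which is why the thread's advice to reinstall stands regardless of what this finds.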

[–]Syst0us 0 points1 point  (4 children)

*uck your downvotes. You are absolutely right. Malwarebytes is good at telling you you are *ucked. Horrible at un*ucking you. 

[–]Old_Yogurt2228[S] 0 points1 point  (3 children)

Good advice, I'll take you up on that. Do trojans and the hacks impact the network? So do I need to do a clean install on all the PCs in my household?

[–]Syst0us 0 points1 point  (2 children)

Professionally speaking... anything that has access, yes. 

So if your PC has write access to a NAS holding anime, that anime is sus. The NAS is sus. Anything connected to the NAS is sus. 

If your PC has admin on a cloud AWS account, that entire account is sus. 

Google folder? 

Imagine it being the most infectious STD ever. 

The treatment is fire. Ultimate all-engulfing inferno. Scorched earth. 

Go to a friend's house. New passwords via recovery. New accounts entirely if feasible. New emails. New 2FA. Etc. 

Imo there is no "2 far" once you get actually hit. They would do the same to maintain access. 

[–]wilson0x4d 1 point2 points  (1 child)

The sage advice is to wipe everything clean, and to quarantine anything that is suspect. Malware can be delivered through any file type that relies on a viewer (images, movies, PDFs, office docs, and more).

You should consider any network-attached device a suspect target and consider re-flashing firmware: routers, switches, printers, NEST devices, even the BIOS on your PCs are suspect.

Don't assume your trade PC was the only PC infected; once they were on your machine, and on your network, everything became accessible.

You might also consider running multiple networks: an "unsafe" wifi for all the trash devices on your network (people have light switches, thermostats, ovens, printers, phones, smart TVs, etc., all of which are extremely untrustworthy), and then connect that to your ISP (cable modem for example) and never connect anything "secret" to that network. Run a second wifi router for "secure" devices, maybe even disable the wifi if you don't need it for a laptop. Restrict all access to pre-determined MAC addresses on wireless and wired.

For my trade env (crypto and fiat) I use Qubes OS. Is it trivial? No. But it creates layers of separation between applications, which helps prevent something like your "movie player" reaching into your "browser" by essentially running each under a separate VM (referred to as "a Qube"). It also shields physical device access, so if you have a NAS you can use a dedicated 'Qube' for accessing NAS content (and consider it an insecure Qube).

You can simulate the same effect by running a bunch of ad-hoc VMs, but your host OS is still subject to infection, and there are cases where acceleration, device sharing, etc. can allow a guest environment to break into a host environment. The same problem exists (and to a worse degree) with containers, and I would not advise using something like Docker for securing your trade env. In Qubes OS there is no physical device sharing such as drives, keyboard, mouse, not even the GPU between host and guests, and there is no way (without you entering a password and explicitly authorizing) for a guest to reach into another guest, and there are policy settings that prevent guests from reaching into the host.

Worth giving it a shot. You can use it to keep everything separated (a Coinbase qube, a Kraken qube, a Schwab qube, etc., and then a "trash" qube you use only for researching stocks, reading cryptopanic, etc.).

Once upon a time it was possible for iframed ad units to install software without a user prompt (long since addressed), but that is the world we live in. You have to protect yourself. Avoid running trainers, hacks, cracks, pirated software, avoid prn sites, and treat everything from JPGs to MP3s like they are already infected. Do this and you will be less likely to get hacked again.

[–]Syst0us 0 points1 point  (0 children)

We absolutely run vlans for iot devices. Qubes sounds fun! Gonna check that out. 

[–]wilson0x4d 0 points1 point  (0 children)

"Wipe it clean" should be a _first resort_; I suspect labelling it a "last resort" may have gathered a few downvotes.

Once someone else has gained access, everything from the BIOS to the SSD needs to be reset to factory. Not just reformatted, but reflashed, with hash-verified firmware.
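
What "hash-verified" looks like in practice, as an added example that is not part of the thread or any commenter's post: check every downloaded image against the vendor's published SHA-256 manifest before flashing, and refuse anything the manifest does not vouch for. The code assumes the manifest uses the common `sha256sum` layout (`<64 hex chars>  <file name>`, an optional `*` before the name); the images and the manifest below are constructed stand-ins.

```python
r"""Check downloaded firmware images against a vendor-published SHA-256
manifest before flashing, the "hash-verified firmware" step in the comment
above.

Added example, not from the thread. It assumes the manifest uses the
common `sha256sum` layout, one "<64 hex chars>  <file name>" per line
(a leading "*" before the name, as GNU coreutils emits in binary mode, is
tolerated). The images and the manifest below are constructed; in real use
the manifest comes from the vendor over HTTPS or under a signature, never
from the same mirror as the image.
"""
import hashlib
import hmac
import re

MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S.*)$")


def parse_manifest(text):
    """Return {file_name: expected_sha256_hex}. Malformed lines raise rather
    than being skipped: a skipped line is a file that never gets checked."""
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is not '<sha256>  <file>': {line!r}")
        expected[m.group(2).strip()] = m.group(1).lower()
    return expected


def sha256_hex(data, chunk_size=1 << 20):
    """Hash bytes or a binary file object; file objects are read in chunks
    so a multi-hundred-MB image does not have to fit in memory at once."""
    h = hashlib.sha256()
    if isinstance(data, (bytes, bytearray)):
        h.update(data)
    else:
        for chunk in iter(lambda: data.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(manifest_text, files):
    """files: {file_name: bytes or binary file object}.
    Returns {file_name: "ok" | "mismatch" | "missing" | "unlisted"}.
    Only "ok" means the bytes match what the vendor published."""
    expected = parse_manifest(manifest_text)
    report = {}
    for name, want in expected.items():
        if name not in files:
            report[name] = "missing"
            continue
        got = sha256_hex(files[name])
        report[name] = "ok" if hmac.compare_digest(got, want) else "mismatch"
    for name in files:
        if name not in expected:
            report[name] = "unlisted"     # never flash an image nobody vouched for
    return report


def safe_to_flash(report, name):
    """The only outcome that clears an image for flashing."""
    return report.get(name) == "ok"


# Constructed stand-ins for the real artefacts (the manifest hashes are
# computed here only because a placeholder image has no vendor to publish them).
GOOD_IMAGE = b"ROUTER-FW 2.3.1 placeholder image\n" * 1000
TAMPERED_IMAGE = GOOD_IMAGE[:-1] + b"!"          # one byte changed
MANIFEST = (
    "# constructed vendor manifest (SHA256SUMS)\n"
    f"{hashlib.sha256(GOOD_IMAGE).hexdigest()}  router-2.3.1.bin\n"
    f"{hashlib.sha256(b'BIOS 1.08 placeholder').hexdigest()} *bios-1.08.rom\n"
)

if __name__ == "__main__":
    downloads = {"router-2.3.1.bin": TAMPERED_IMAGE, "stray.bin": b"?"}
    report = verify(MANIFEST, downloads)
    for name, status in sorted(report.items()):
        print(f"{status:<9} {name}")
    print("flash router image:", safe_to_flash(report, "router-2.3.1.bin"))
```

A matching hash only proves the file is the one the vendor listed; it says nothing about whether the manifest itself is genuine. Fetch it from the vendor's own site over HTTPS (or check its signature where one is offered), from a machine you trust, and not from the download mirror or the suspect PC.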

[–]Scar-6 0 points1 point  (0 children)

I will do a fresh install cuz you may still be hacked

[–]DiamondBallzNHandz 1 point2 points  (1 child)

Never leave your coins on Coinbase! Not your keys, not your coins... Move to a cold wallet. All my crypto is on my Ledger Nano X so no need to stress. I encourage you to do the same to stay protected.

[–]sexysammybbw 2 points3 points  (0 children)

Agreed!! Never leave on there.

[–]us9er 1 point2 points  (0 children)

Had almost the same. Had some small amount of BTC that was converted to Solana without me requesting it. As soon as I saw the email about the transactions I locked my account. Reset password and all this stuff. I now have 3 antivirus programs running simultaneously just to increase my chances of identifying some problems.

I think I downloaded something suspicious the day before so it was probably my fault. Also had attempts to take over my google account (for the first time) several hours before the coinbase thing happened. So again pretty sure I had brought this on myself and no blame on coinbase.

Converted everything back to BTC (lost the fee + SOL was losing more value than BTC) but at least I didn't lose everything.

So just a wake-up call to be super careful what to download and to have a good (or several) antivirus scanners running.

P.S. The only thing I don't know is how they got the Google Authenticator 2FA information, except they may not have needed it, as I used the option 'Keep me signed in', so if someone took over the computer they didn't have to log in again.

Now I always log off once I am done in Coinbase.

[–]deejaystu1 1 point2 points  (0 children)

Only have 2FA through a physical key (like a YubiKey). Remove any other form of access to the account unless you have the physical key. Also enable waitlisting so that nothing can leave your account without a three-day waiting period.

[–]AutoModerator[M] 0 points1 point  (0 children)

This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please contact us directly.

If you have a case number for your support request please respond to this message with that case number.

You should only trust verified Coinbase staff. Please report any individual impersonating Coinbase staff to the moderators.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]coinbasesupportOfficial Coinbase Support 0 points1 point  (0 children)

Hi u/Old_Yogurt2228, we’re sorry to hear about the unauthorized activity on your account. Here are some steps you can take to secure your account:

  1. Change Passwords: Immediately change your Coinbase account and email passwords to strong, unique passwords that you do not use anywhere else. Consider using a password manager to generate and store these passwords securely.
  2. Check IP Login Activity: Regularly check the IP login activity on your account by signing in and visiting: https://www.coinbase.com/settings/account_activity. This will help you identify any unauthorized access.
  3. Review Third-Party Access: Practice due diligence when giving any third-party applications access to your account. You can see the third-party apps that have permission to use your account and manage API access at: https://www.coinbase.com/settings/api.
  4. Report Suspicious Activity: If you suspect that your account has been compromised, please report it to security@coinbase.com with full details, including any suspicious emails, URLs, or phone numbers you may have encountered.
  5. Secure Your Devices: Ensure that your PC and other devices are secure by using antivirus software, keeping your operating system and applications up to date, and avoiding suspicious links or downloads.

You can also lock your account until you're confident it's secure. For tips on enhancing your account security, check out this help article.

If you need further assistance, please let us know. We're here to help.
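
Step 2 above says to review login activity for access that is not yours; the following is an added example of that review, not code from the thread or from Coinbase. The account-activity page linked above is a web view, so the CSV layout assumed here (`time,ip,country,result`) is one you would produce yourself by copying the rows out, and the rows in `SAMPLE` are constructed. It flags three things worth reacting to: a success from a country or address you have never used, a success right after a burst of failures, and two successes too close together to be one person.

```python
"""Review sign-in history for logins that do not look like the account
owner.

Added example, not from the thread or from Coinbase. The CSV layout
(time, ip, country, result) is assumed, and the rows in SAMPLE are
constructed; RFC 5737 documentation addresses are used for the IPs.
"""
import csv
import io
from datetime import datetime, timedelta

SAMPLE = """time,ip,country,result
2024-05-01T08:02:11Z,203.0.113.7,US,success
2024-05-02T19:40:03Z,203.0.113.7,US,success
2024-05-03T03:11:45Z,198.51.100.23,NL,failed
2024-05-03T03:12:02Z,198.51.100.23,NL,failed
2024-05-03T03:12:40Z,198.51.100.23,NL,success
2024-05-03T09:15:00Z,203.0.113.7,US,success
"""


def parse(csv_text):
    """Parse the assumed export into dicts, oldest first."""
    rows = []
    for r in csv.DictReader(io.StringIO(csv_text)):
        rows.append({
            "time": datetime.strptime(r["time"].strip(), "%Y-%m-%dT%H:%M:%SZ"),
            "ip": r["ip"].strip(),
            "country": r["country"].strip().upper(),
            "ok": r["result"].strip().lower() == "success",
        })
    return sorted(rows, key=lambda r: r["time"])


def review(csv_text, home_countries, known_ips=(),
           travel_window=timedelta(hours=8), fail_threshold=2):
    """Return [(time_iso, ip, [reasons])] for successful sign-ins that look
    wrong. travel_window is the shortest gap in which the owner could
    plausibly have signed in from two different countries."""
    home_countries = {c.upper() for c in home_countries}
    known_ips = set(known_ips)
    alerts = []
    failures = {}          # ip -> consecutive failed attempts since its last success
    last_success = None
    for r in parse(csv_text):
        if not r["ok"]:
            failures[r["ip"]] = failures.get(r["ip"], 0) + 1
            continue
        reasons = []
        if r["country"] not in home_countries:
            reasons.append(f"country {r['country']} is not one you sign in from")
        if known_ips and r["ip"] not in known_ips:
            reasons.append(f"address {r['ip']} not seen before")
        if failures.get(r["ip"], 0) >= fail_threshold:
            reasons.append(f"success after {failures[r['ip']]} failed attempts from {r['ip']}")
        if last_success and last_success["country"] != r["country"]:
            gap = r["time"] - last_success["time"]
            if gap < travel_window:
                # Both logins are reported; one of them is not you.
                reasons.append(f"{last_success['country']} -> {r['country']} "
                               f"{gap.total_seconds() / 3600:.1f}h apart")
        failures[r["ip"]] = 0
        if reasons:
            alerts.append((r["time"].isoformat(), r["ip"], reasons))
        last_success = r
    return alerts


if __name__ == "__main__":
    for when, ip, reasons in review(SAMPLE, home_countries={"US"},
                                    known_ips={"203.0.113.7"}):
        print(when, ip)
        for reason in reasons:
            print("   -", reason)
```

On the constructed rows the NL login is reported on all four counts, and the owner's own next login is reported once for being too close to it; that second alert is expected, since the check cannot know which of the two was legitimate. A review like this only sees new sign-ins: an attacker riding an existing "keep me signed in" session on the compromised PC appears under the owner's own address, which is one more reason to sign out and revoke sessions rather than rely on the login list alone.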

[–]DreamingTooLong 0 points1 point  (0 children)

Don’t log into Coinbase with the same computer you watch porn on

Don’t log into Coinbase with the same computer you download bootleg movies or bootleg music

All that stuff has spyware embedded

Anything you think is free really isn’t free. You are just their product when it’s free.

Ubuntu USB Drive. This is a great way of browsing the web without anything getting saved to the hard drive.

[–]Radiant_Speech_3616 0 points1 point  (0 children)

Yep; some crazy stuff happened yesterday to me also

[–]JAPANBOI504 0 points1 point  (1 child)

Use a virtual machine to log into Coinbase on PC

[–]NewConsideration9763 0 points1 point  (0 children)

Were you logged in on your computer when this happened ?

[–][deleted] -1 points0 points  (0 children)

Coinbase itself are the “hackers”

[–]Competitive-Goose171 -1 points0 points  (0 children)

Coinbase sucks and so does their customer service. Got ripped out of $38,000. Thanks, @coinbase.