Coinbase erroneously reported 2FA changes to 125,000 customers
Cryptocurrency exchange Coinbase sent an automated message to many of its customers on Friday, stating that “your 2-step verification settings have been changed.” Unfortunately, the message was sent in error – according to Coinbase’s tally, 125,000 of those messages were sent (via email and text) to customers whose 2FA settings had not changed.
According to Coinbase’s own acknowledgement On Saturday, his system started sending the erroneous messages at 1:45 p.m. PT on Friday, and continued to send them until the error was mitigated at 3:07 p.m.
In this Twitter thread, Coinbase acknowledges the potential for confusion of bogus 2FA messages – the confusion that retiree Don Pirtle told CNBC has caused him to panic sell more than $ 60,000 in cryptocurrency. Pirtle held this large wallet as an investment for his grandson, so the panic selling may have been as much a blessing as a curse – he now wonders if cryptocurrency was a safe investment in the first place.
Coinbase says the bogus 2FA messages were the result of an internal error, not hacker activity. “Suddenly the system just started sending stuff like a bug in the system,” Coinbase spokesman Andrew Schmitt told CNBC, adding “but it was not a malicious or third party error. “.
Build trust and security?
We are laser-focused on building trust and security in the crypto community so that the open financial system we all want is a reality. We recognize that issues like this can undermine that trust.
– Coinbase (@coinbase) August 28, 2021
Although Coinbase tweeted its “laser [focus] on building trust and security in the crypto community, ”the panic among its affected customers is understandable. In addition to a general history of hacked crypto exchanges, including Bitfloor, Mt. Gox, Bitfinex, CoinCheck, QuadrigaCX (technically not a hack), and KuCoin — Coinbase itself has a bad reputation for responding to customers who have been hacked individually.
Most major financial institutions take out cyber fraud insurance policies and cover hacked checks or savings accounts. “If you are the victim of no-fault cyber theft, most of the big banks will cure you,” Bankrate.com CFA Greg McBride told USA Today.
The same is not true of Coinbase, which recently told a hacked customer that “there is no credible or justifiable evidence that the compromise of your login credentials was Coinbase’s fault. As a result, Coinbase is unable to reimburse you for your alleged losses. . ”
In addition to a strict “your hack is your problem” policy, Coinbase has been accused on several occasions of reacting extremely slowly to serious customer problems. The Twitter thread in which he advertised the bogus posts quickly turned into users complaining about poor customer service regarding wallets that have been locked for weeks or months.