39 comments

[ 4.3 ms ] story [ 77.8 ms ] thread
Mt. Gox Part Deux. This is why I go by the adage "If you don't own the keys, you don't own the crypto".
As much as I agree in general, if you own the keys and fuck up, then there would be no one to make you whole.
Do you believe Coinbase are going to cover people's losses?
(comment deleted)
This is almost nothing like Mt. Gox.
You either didn’t bother to read the article or you have no idea what happened to Mt. Gox. Either way, you are wrong.
This was posted a few days ago with a much less sensational headline. Also important to note it was 6,000 users and Coinbase has made them all whole.

https://news.ycombinator.com/item?id=28719786

What does “made whole” mean here? They transferred the missing crypto to the users?
I'm also curious as to why I keep seeing the vague and somewhat uncommon expression "to make whole" in relation to the Coinbase breach. I have neither the time nor the interest to dig into the matter, but my astroturfey-senses are tingling.
I've heard the term used in libertarian circles. I think it's justice without punishment. Instead of the offender being slapped on the wrist, imprisoned etc., the offender must work to restore the victim to how they were prior to the offense.
It’s an incredibly common phrase which has nothing to do with Libertarianism.
"(transitive, finance, law) To provide (someone), especially under the terms of a legal judgment or an agreement, with financial compensation for lost money or other lost assets."

https://en.wiktionary.org/wiki/make_whole

Right but did they get money? Did they get the missing coin replaced? Is the price volatile enough that getting dollars instead of coin less attractive?

I don’t understand.

They made $1.6B in profit last quarter, I think they can swing it regardless.
I am unconvinced that Coinbase didn't have some sort of breach here. I don't believe they disclosed everything.

Multiple people I know with Coinbase accounts were solicited by the hackers - none of them have ever mentioned to anyone that they had a Coinbase account on any social media platform.

Discussion last Friday (re: California notice): https://news.ycombinator.com/item?id=28719786
That notice is toes the line between disclosing the absolute minimum and remaining compliant.

They never deny being hacked, but never admit it either. ...and they pretend that it was likely all the users' fault.

Person I know tried to reach Coinbase support human to no avail.

He searched google for "coinbase support number" and dialed the number found.

Friendly operator guided him to solve a problem.

$50k lesson learned.

Did he solve the problem?
Yes, now he has no cryptocurrency so now he has no problem.
I take it the number was fake and that he lost his money.
The reddit coinbase/pro sub, there are scam accounts on there that message you "Hi this is official support" something along those lines.
On pretty much every crypto exchange telegram support channel - the moment you ask question - some friendly "support admin" will try to contact you and "help".
He should invoice Amazon for establishing the perverse norm where googling-for-support-contact is the only way to find such info.
Where does that work? I tried googling for Amazon support contact after I got locked out of my Amazon Japan account. There is no email address; there is one phone number where a bot tells you to use the website.
Works in the US for both phone and chat. I’m surprised it’s like that in Japan, given how the culture values courtesy so highly.
Amazon.de has a callback service (or the chatbot, which I actually prefer as soon as it connects you with a human), is that not available elsewhere?
Odd that someone capable of obtaining 50k in crypto was able to be scammed in that fashion, particularly when the real phone number shows up in big bold font when googling "coinbase support number"..

To be fair, the search results may well have changed in between now and then but the support number isn't that hard to find on the coinbase site. Are you sure this person is being truthful, and not running their own scam?

This problem isn't specific to Coinbase.
For that amount, it seems like it would be worth trying to sue Google. It may be next to impossible now if they no longer display that phone number though.
If you're not running a full node on your own encrypted hardware, you shouldn't be doing anything but playing with crypto. It's almost as if the current financial system evolved over hundreds of years of hard lessons learned to have certain tradeoffs like reversible transactions that mitigate this threat for the general populace.
You wouldn't need deposit insurance if transactions were reversible.
Cryptocurrencies should be banned. Waste of human effort, advanced manufactured goods, and electricity.
Banks should be banned. Waste of human effort, advanced manufactured goods, and electricity.
If this is the same SS7 protocol flaw that security experts have been using to justifiably avoid SMS in 2-factor auth schemes forever now it's face palm inducing. Not that this sounds like a simple hack if they also compromised inboxes. Sounds like the victims were already very well owned at that point. Lesson learned I guess. I wonder how much it cost Coinbase.
Even 2FA's aren't safe from the hackers and to think that it is coming from Coinbase.
at this point i'd just expect any exchange to be breached at some stage.

if you want to be be safe you should store your crypto in cold storage rather than online