This morning, my Coinbase and Discord accounts were hacked, resulting in the thieves transferring all my funds to a Chime bank account. Fortunately, Coinbase support managed to halt all outgoing transactions just in time. I'm at a loss trying to figure out how they pulled this off. I had SMS-based 2FA set up, which I now realize isn't enough protection. I received multiple 2FA texts with temporary login codes this morning, which makes me suspect a SIM cloning attack. However, I contacted Verizon and they assured me that there were no attempts to access my account or transfer my SIM. I'm puzzled about how they could have accessed my SMS verification codes. Here's what I've done so far:
1. Changed all important passwords and set up 2FA with Google Authenticator on every account I could.
2. Checked for suspicious activity on Microsoft, Apple, Google, and Discord accounts and found nothing.
3. No hackers have contacted me with demands or anything.
4. I live alone and no one physically accessed my phone or computer.
5. Ran two virus scans on my PC, and everything came up clean, even when offline.
6. My hacked Discord account has a different email than Coinbase and sent out a crypto scam to my contacts. I've logged out of all devices and informed my contacts to ignore any weird messages from me.
7. I flagged my bank and Verizon to catch any suspicious activity.
My brain is racing with possibilities of how this could've happened. I'm looking for any advice on what steps to take next.
5 Answers
There are several ways the hackers might have accessed your accounts:
1. They could have stolen session cookies, which don't require MFA to access your account.
2. A SIM cloning attack is a possibility, despite Verizon not finding any evidence.
3. They may have accessed your account with another MFA method you aren't aware of.
4. One of your devices could be compromised. Running a scan doesn't always guarantee your device is safe, so consider consulting a professional.
Make sure to log out of all devices for added security and talk to higher-level support at your cell provider about your concerns.
Yeah, I need to research stolen session cookies. It’s frustrating dealing with customer support when they don’t fully grasp the issues!
A few months ago, Google experienced a hack affecting their password management system. Make sure you're not at risk from that too!
Wow, that would be a disaster for my security! I’ll definitely look into that.
Is your phone linked to your computer? Sometimes you can read texts from your phone directly on your PC. Just saying, that could be a vector for hacking.
Nope, my phone is an iPhone and I just have a Windows 10 desktop. I never connected them in any way.
To avoid future hacks, consider keeping your crypto in cold storage. It's much safer than online wallets.
Point taken! I’ll definitely look into cold storage as soon as I can recover my funds.
It sounds like your phone might have been compromised. Since it's the one receiving the SMS messages, if malware has the right permissions, it could send your codes straight to the hacker.
I’ll run the updates and do another scan, but I usually only download from the App Store.
Thanks, that makes a lot of sense! I logged out of all my accounts already, but I need to dig into session cookies. What do you mean by the MFA method they might have accessed?