the coinbase compromise was way worse than they made it seem

apparently offsite customer service reps had full database access to transaction history, including bitcoin addresses, home addresses, phone numbers, emails, and bank info

Discussion

Any specific time frame or was it all customers?

my understanding it was all customers, legit full database access, but the wealthiest users seem to be the focus

300 pizzas on the way to Mr M. Saylor…

If you believe their press release it was less than 1% of their customers but it’s only a matter of time before more data leaks.

As long as they don’t delete anything (hint: they won’t) then this will inevitably affect all customers.

SO, SO, SO, GLAD I GOT MY SHIT OFF THAT SHITCOIN EXCHANGE!

STRIKE FOR THE WIN!

What made you choose Strike over River? Just curious, I have no hard position against Strike.

I HAVE NO HARD POSITION AGAINST RIVER - I JUST DIDN’T LIKE SOMETHING THAT LEISHMAN SAID ON THIS PODCAST HE WAS ON A YEAR OR TWO BACK. AT THAT TIME I HAD USED BOTH AND JUST MOVED TO ONLY USE STRIKE GOING FORWARD.

I THINK IT WAS ONE HE DID WITH PRESTON AS I RECALL - OTHER THAN THAT I ALSO JUST VIBE WITH MUCH OF WHAT MALLERS IS DOING - THOUGH I'M NOT A SUPER FAN OF THE TETHER TOMFOOLERY BUT I UNDERSTAND WHY HE IS DOING IT

I THINK IT DOESNT HELP BITCOIN AS MUCH AS IT HELPS PROFITS - WHICH JUST FEELS A BIT DIRTY TO ME UNLESS YOU DO MORE THAN JUST OBTAIN MORE BITCOIN FOR YOURSELF - THERE ARE WAY, WAY, WAY TOO MANY PEOPLE NEEDING TO BE ONBOARDED TO THE NETWORK FIRST

Good old KYC (Kill Your Customer)

Hahaha

KYC for the Big L

kyc laws are evil but blaming this on those is giving coinbase too much credit

customer service should not have access to all this info

Does it actually matter they had access to everything?

They need emails and transaction history to answer questions for customers having problems. An email is good enough to look up someone’s address and phone number based on all the other leaks online.

I guess we could argue that coinbase could build a system that obfuscates the email from customer support but there’s still a large group of developers and sysadmins and auditors who have access to that information and can be compromised (either the person or their equipment)

It is a breach of Least Privilege, which is a fundamental cybersecurity principle. An egregious error on Coinbase's part. Anyone with even just a Sec+ (i.e., me) knows this.

Sup Odell.

Just like ledger, Coinbase is a scumbag company with douchebag products & services.

this is why ten31 and opensats exist

got sick of complaining about these shitcos on twitter, much more effective building out strong competitors

kill your customer

When hackers review my Coinbase account details they'll say "naah not worth waste time on this one 😂"

Beat me to it 🤣

Safety in such empty.

Proof that wall street is retarded. I highlighted the news release of the compromise..

Who is still actively using coinbase? Just larger companies using them for custody?

None of the kyc exchanges I've used in the past have my current address, but strike does. So this has me wondering what strikes security looks like and if they're advocating for additional security for their users?

we have strict access controls on sensitive user info and all customer service reps are well paid, vetted, and hired internally

I don't doubt that. Moreso it'd be cool for them to push some educational materials to customers that'd help in the event of this type of breach. No one is "unhackable" but I'm guessing the answer is just offsite multisig.

will consider, it is difficult because there is no “one size fits all” advice

highly recommend multisig for large holders, anchorwatch is a solid option for less technical users, they hold your hand through the process and insurance covers theft

onchain privacy is an important piece as well

and home security in general, cameras, guns, etc - don’t be a soft target

KYC is the problem! That's my note

KYC is the illicit activity

Good Opsec premium just skyrocketed! Your KYC list is only as secure as the salary of those who have access to the database

Any recommended purchasing platforms for NKYC lightning sats?

robosats, hodlhodl, peach, bisq

or the old fashioned way, meetups

🤖

We need a LocalBitcoins built on nostr

Yes👍🏻

No-KYC bitcoin ATMs in the 51st State.

#KYC is one of, if not THE biggest, security risks...

I have a pre-KYC Coinbase account and Coinbase wants me to KYC to delete the account. They can keep my burner email and Wtv Bcash is left on there.

If only someone in their support department had warned them this was stupid and risky when they first set this up years ago, maybe they would have listened…

Oh yeah, it’s Coinbase. They care as much for their support reps as they do their customers, so that’s a big fat nope.

did you used to work for coinbase support?

He recently mentioned on a pod working for Coinbase, but I forget if he said the department, but probably support 😂

Yeah, I was management. We warned them of this happening when the executive team decided that we should have call centers.

Might be a good time to either get a proper gun or 3D print one for those affected

and proper training, incredibly important

I’m glad I have moved multiple times since I last used Coinbase and Ledger years ago

an under appreciated benefit of renting

Indeed

just thinking the exact same thing.

Need to stay non-sovereign like your money

100%

Most local police hold classes in the US

Another win for those renting. I signed up with Coinbase five addresses ago.

It isn't all that hard to find an address in some places. Especially the US. I've found people I hadn't seen or spoken to in years.

Sure revisit your opsec, how about moving to a city where you can justifiably defend yourself and bear arms.

Much less trying and more finding out. 🔫

Odell could've posted this to X and played the game of centralised algorithms, probably would've got a bigger audience but has made a conscious choice to be the change he wants to see in the world.

But why were they on Coinbase :-) .. weren't they the "self custody" supremo? Maybe I am wrong ..

Lesson - don't listen to the GURUs 😭😭😭 .. oh maybe it is a free promo.

Holy moly .. it is a promo .. COIN up five percent this morning ..

By the time this all shakes out, buying from a stranger in a parking lot may prove safer than buying from Coinbase 🤦‍♀️

My family rents mainly because we feel morally conflicted in increasing M2 money supply to purchase a home, and I’m not selling 🌽 to buy a house. But beyond that, companies make you put in your address for everything nowadays, and things are shipped to you all the time.

Until personal data is taken seriously and secured uncompromisingly, staying on the move through renting is just another layer of opsec.

For God's sake, why does Brian (naked mole rat) Armstrong even have a job still?

I deleted my account last year 🙏

Horrendous. Fuck centralization!

These were the types of posts that onboarded me to X nostr:npub1dgpt04w4c88wc0g262xaw8zvlm4mvwtmjhl0tn2sxtyjywsn6q4qt8ka3a

#odellonboardedmetox

The good ones seem to get to nostr

Odell keeps posting X screenshots. I guess I should start an X account for the alpha.

if interesting shit happens off nostr, people should cross post it here

strictly different than feeding the beast by posting there

To be fair you could say “Joe Rodgers of _______ is reporting that ______ “ and not share a direct X pic.

Why when he can just post a screenshot?

Isn’t freedom great

They weren't compromised. They just called it that way 🙄

i intentionally did not say hack, employees compromised their system

They could easily leak the information on purpose and then deflect blame by claiming it was a hack.

Not hack. How about... It was intentional

Yes it was. Fucking terrible.

DANG

ENJOY THE NOISE

Wow 🤢🤮🤷‍♂️ fuck the exchange

KYCing should be illegal

Ouch! 🙄😱

YIKES !

Make #DeleteCoinbase great again.

Doesn't really help you since they have to save all that data for years.

What is Coinbase?

I’ve been getting spam texts that are fake as fuck from “Coinbase” Have used coinbase in years.

same thing started happening to me today.

I was so us as well be roll up else we’re all go mouse wella blabs else moss wells or able to go then wells wry assume we’re moss Llaa

Ouch… Hate this kind of thing. Be careful out there people

The brutal truth is that all that data can be used to do a multiple of things. I think it was a dumb idea for coin base not to pay the hackers.

But such data is detrimental to customers if it hits dark web 🕸️

Paying them won’t make them delete the information.

🙂⚡🙂 there is a code - and they wouldn't go against it if they got paid. But they gonna just dump it on the dark web for others to rip and I am sorry 😞 for all those coin base customers - drivers license 🪪 ssn - enough information for someone to literally take over your identity 🆔.

Yeah, I really trust the code of thieves.

I started getting fake text messages and calls from “coinbase support” today saying someone logged into my account from Paris. I haven’t used coinbase since like 2019.

I got one a few weeks ago saying it was logged into from Tokyo even though I deleted my account ages ago.

fuck kyc

I don't mind it if it's with a trusted company like Strike. But, I would never leave more than $100 on ANY exchange. That's for sure.

Every company is trusted until it isn't. Strike isn't immune to screw-ups or attacks, which is why we shouldn't have to trust any company with unnecessary data.

You should mind.

I'm aware. That's why I said i barely keep any money on an exchange. To be clear, I don't use Strike for purchases. I use Robosats for that. I just use strike to pay bills with whatever cash balance is needed.

Fair enough. Robosats is something I found recently. Interesting concept.

A lot of people are intimidated by the purchasing process. It's much easier than it seems, though.

https://youtu.be/52snf3x2KKA?feature=shared

It is possible that those are phishing emails and SMS messages from bad actors; not really from Coinbase.

yes that is exactly what’s happening

i thought most wouldn't have a big stack on an exchange anyways

It doesn't need to be there for people to know it exists. Buying it there is enough.

i see, no wonder coinbase is giving 2% to all deposits starting today to their coinbase one members.

How do we know they had such access?

Isn't it always worse than it's made to seem? Lol

KYC needs to end.

Alaa

Alas some moss zone. Pass lass some moss Loas some

So

😞

What can someone do? New phone number?

Slowly every Bitcoiner will realize that KYC data and a transparent, public blockchain is a terrible combination for a store of value.

KYC data + withdrawal addresses on a public, transparent blockchain - what could possibly go wrong?

Magically whenever there is data breach it’s always less than 1% of customers affected

Wow, that's good tho. Lol