Avatar
YS πŸ«‚ 9mo ago

Hey #nostr, a quick question for y'all.

I received an email from Coinbase about a successful update of my API keys. I have a key for auto DCA, so this was odd because I haven't touched it. I logged in to check whether the account had been compromised and found nothingβ€”no activity on the account, no logs of editing the key, no orders, and no changes in security. My DCA also stopped working because it seems like the key has indeed been changed. I'm confused and spooked. I have all the security measures in place, and the keys I'm using are the new ones. Any ideas?

Reply to this note

Please Login to reply.

Discussion

Avatar
dabro 9mo ago

No, idea, but get out of Coinbase and use bitcoinwell. com instead

Avatar
Rob 9mo ago

nostr:npub1wfvjajv0336mpxhdk6xvlafp20p8mch5083wyjd6xxnerlaxf5kqhsvx9a any advice for Yarik, a fellow Roca Sol alumni?

Avatar
BITCOINALLCAPS 🐦 🐦 🐦 9mo ago

Ya so this is a classic red flag of something being wrong with your account. Assume it’s compromised. Disconnect any auto deposits you have to coinbase from your bank account and begin the process of migrating things to cold storage and using non custodial platforms like bitcoin well. Coinbase is a notorious honeypot for accounts getting compromised for one reason or the other. The email you got could also have been malicious somehow. Please be careful and at least self custody in cold storage your bitcoin. Coinbase is generally terrible and has horrible support too.

Avatar
YS πŸ«‚ 9mo ago

Yup, that's why I got spooked. I have all the 2fa enabled, my withdrawals are whitelisted and I tried to cut off any possibility of a malicious activity. I only use self custody and Coinbase is used for DCA only.

Extremely odd stuff. Yes, I will be moving away from it. Thank you for the reply

Avatar
YS πŸ«‚ 9mo ago

So first I get this:

Then a day later I get this email:

What's interesting is that the key is the same, nothing changed about it. There is no activity, logins etc. The key is only used in the script that's running on AWS.

Avatar
BITCOINALLCAPS 🐦 🐦 🐦 9mo ago

Sounds like someone has access to coinbases backend api lol

Avatar
YS πŸ«‚ 9mo ago

This is what I'm thinking. It's a crazy thought though!