IDUSDT
Everest / Tether USD
crypto Composite

Not once have I seen a hack where my photo ID, dollar balance, home address and list of bank accounts have been leaked. Sit on that for a second….

Let us check this for you.
What is your [Public Account ID](https://support.kraken.com/hc/en-us/articles/360028555092-How-to-find-your-account-number-Public-Account-ID-) please?

Coinbase has 100% leaked my email and phone number, the phishing stuff started a few weeks ago and used a separate email for CB so it's definitely been compromised.

I've not had any email from CB.
I bought this house last year and not long ago had to upload new documents to keep my CB account open with the KYC stuff. So they have the up to date address.
I used the same receiving address for all CB transactions (as otherwise each need to be confirmed as was buying 1k a day and transferring out) but moved each transaction to a new wallet with a unique address after receiving, using coin control to vary the amount.
Not sure if I feel safe now, but with my ID out there and linked to buying decent amounts even if I move sounds like it wouldn't be too difficult to trace the new address if someone was motivated.

I’ve been involved in numerous leaks over the years (T-mobile, Capital One) and this is by an order of magnitude worse. People can break into a house to steal $2000 worth of jewelry, having information out there that your household has 6-7 figures worth of crypto puts a target on your back for life.
Credit freezes + separate emails for your financial stuff + hardware MFA is a must. Make sure to enable SIM swap protection with your carrier. I notified my close family not to ever send me any money unless I’m there to physically ask them for it.
Next step for me is a change of address + getting a new ID.
This is an incredible fuckup for Coinbase and we’ll need to live with the consequences for the rest of our lives.

The 1% of users are MTU’s - Monthly transacting users - Of which I believe there are 8 million, so exposure was apparently 80k.
The reason people think that they were part of this breach because they’ve been receiving scam texts forever is simple:
Cyber criminals are operating in an age where everyone’s data has already been leaked. This data gets traded around all the time - Think of Experian, LinkedIn, etc, all the big breaches that have happened over the years… This data gets thrown into massive dumps together. People who don’t even have Coinbase accounts are getting the texts/emails because the bots the criminals build just cycle through these giant lists and hope that someone bites and that someone has enough money to make it worth their while, I think.
It’s all part of the social engineering - Once they have enough data pieces (for example the data Coinbase disclosed) it’s not hard to convince someone you’re working for the company. Why would they doubt it when you know so much about their account etc?
So in a nutshell - Way different if an attacker knows your name & address and you’ve confirmed to them that you have a Coinbase account by interacting with their lure; As opposed to an attacker who knows your last 4SSN, account balances, ID numbers, etc.
I think that internally they must be comparing the losses to the accounts they identified as compromised and that’s how they’re coming up with the numbers.

Hi there,
Thank you for reaching out and sharing your concerns with us. We understand that your situation is incredibly challenging, and we want to assure you that we take your concerns very seriously.
Regarding your case (ID#141899011), as mentioned during our chat conversation, we are committed to keeping you informed promptly once your account review is finalized. We fully understand the urgency you feel and share your sentiment. To ensure absolute accuracy and efficacy in our final decision regarding your account, the review process might require additional time. This is to guarantee a fair and thorough evaluation by carefully assessing all necessary details.
You will be notified as soon as there is an update. Your understanding and cooperation are greatly appreciated. Your trust is important to us, and we are here to support you through this difficult time.
Thank you for your patience and understanding during this process.
\-LM

Bro i get those from time to time. The last one was hilarious, man calls from "coinbase" they will never call you first, but i entertained the idea. "hello im from coinbase my name is David and we see your account has been compromised" i go " hey hey let me stop you right there, your name is David and your in India... ya and my name is Bob from Norway. Cool story though, have a good night or be a victim of a drive—by i dont care regardless"
You're best strategy is just to ignore all the bullshit . And i hear this one on here all the time "well they sounded so professional" well of course they do, that's their job,. no one is gonna believe them if they sound like a scam. Just like how i manage a cannabis shop and i get fake ID's all the time. The first thing these scam ID's the person holding the ID goes "here is my birthday" and points at the birthday date on the ID.. I go " ya well no shit i have a washington state ID too i know where the birthday is im looking for everything else around that to prove its fake. Of course the birthday shows over 21 years of age that the WHOLE point of a fake ID.

If you had a serious balance, like at least north of $50k, and you were in the 1% leaked, you are a sitting duck.
Whoever gets their hands on that info knows balance and transaction history + address + what you look like from your ID. This is practically a slam dunk for organized crime, they would be stupid not to pursue this. If you live near a large metro area, you should seriously think about how much of a target you'd be based on your balance size.

People can feel free to copy and paste this to jump thru the circles they create.
- email them every day
- they’ll ask you for a picture with a code they emailed you and the date plus an ID for KYC renewal
- eventually, they’ll respond, say your account has been compromised, they’ll ask to reset your password, and reset your 2FA
- respond in kind you’ve done that, ask them to confirm and advise on next steps.
- rinse repeat, until they confirm your account is unlocked.
- get your shit off the exchange as fast as you can after they confirm it, never use Gemini again.
All in all, should take a few weeks, maybe a few months…. Dig in and get your assets.
👍🏼

same thing with casinos. if you win a handpay you give your social security and ID to some random slot attendant and hope they dont steal your info. Fucking government and IRS want all your info so you can pay taxes on it but when it comes to enforcing these assholes to secure your info they dont do anything but make them pay petty fines.

Sure, now combine name, address, with photo identification and a theoretical USD balance in your possession with exact bank accounts to your name. Let’s say you were a high net worth individual, and lets say for shits and giggles it got leaked that you have at a minimum $350,000 in USD at your disposal, and someone got a hold of your exact location with a photo ID for confirmation. You don’t see an issue with that?

Note: I’m not defending Coinbase, just sharing my point of view.
Companies are starting to be more up front about losing customer data, and the term they use is breach. This situation mirrors similar ones for telecom companies. AT$T, Verizon, T-Mobile… all have had “breaches” which were individual employees who were bribed. With telecoms it was usually for SIM swaps. Hell, I bet the people doing the bribing were probably the ones doing the swaps too.
I would hope that Coinbase is fingerprinting customer records, meaning if an employee looks at a customer account details, it tags their ID. When they uncover a bad employee, boom easy list of who was affected.
This isn’t the kind of breach where a hacker got in and stole a database; that’s why the number is so low and most of the details are partially obfuscated.

The bigger point is they mishandled sensitive data in the first place. Whether they pay the ransom is neither here nor there in my opinion, it doesn't fix anything. Of course it's a good thing they didn't pay the ransom, that incentivizes bad actors in the future. But something to needs to be said about the lack of care in handling data. The fact they shifted attention to being exploit-proof, why don't they provide a better explanation as to why there weren't Photo ID's deleted, documents stored on secure servers with special access, implement robust hashing algorithms on user home addresses, strong controls and special employee training? Are their employees that easy to bribe? That speaks to a larger issue in their organization.

Hey there,
Trying to see if anyone has experience creating a binance account in a different country from the US. Im a Colombian resident with a Cedula (their form of ID) and proof of address. I meet all criteria to have an account there, but since I have a US IP address, I get blocked from doing it. I don't want to use a VPN because that sound like a fast way to get my account flagged. Binance doesn't have an support email address either, and none of the self service actions on their support page are of use to me. Anyone know what needs to be done here? I'd be pretty disappointed if the only way to get it done was to fly all the way there just to get a Colombian IP.
Thanks!!

For some reason Coinbase logged me out and I can’t get back it. I type in my email and password right, then it wants to verify with a code through text. But the issue it is sending it to my old phone number I do not have. Coinbase will let you use an ID to verify yourself but when I’m ready to take a photo the screen is just black and there’s no button to press to take a photo. Anyone know what to do?

Well, I mean, that was the best proof that it's better to keep your coins in a private wallet. I mean, they also have ID copies, as far as I know. Who knows, someone could steal your identity and possibly gain access. But as far as I know, your own cryptos are not directly at risk, only your own data.
In my opinion, there are few arguments in favor of keeping coins on an exchange. A lack of technical affinity and sloppy handling of important data (e.g., passphrases) would be among the few.

Case ID#141899011
"SOS, SOS!
To the esteemed officials at Binance, I am in the depths of sorrow and grief, enduring very difficult times. I am suffering from heart palpitations and depression, and this is all because of you. The withdrawal from my account suddenly stopped without any justification, and there is no clear reason. I trusted you and placed all my money and debts to other people in currencies that have been delisted, and I am unable to withdraw them. All of this is due to the withdrawal being stopped for 70 days now – 70 days of withdrawal suspension! When I speak to customer service, they keep extending the suspension. I have received three unreliable promises from them: the first was a one-month suspension, the second was two to three weeks, and the third was also two to three weeks."

tldr; Eric Council Jr. of Alabama was sentenced to 14 months in prison for his role in hacking the SEC's X (formerly Twitter) account in January 2024. Using a SIM swap attack and a fake ID, Council gained access to the account and falsely announced Bitcoin ETF approvals, briefly manipulating Bitcoin's price. Arrested in October 2024, Council was also ordered to forfeit $50,000 and faces three years of supervised release. U.S. Attorney Jeanine Pirro emphasized the threat such schemes pose to market integrity.
*This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.

🙄 11 years with Coinbase and I have only received a message from Coinbase saying my information may have been breached once. So you must be special to have been breached several times 🙄
And the one and only time, Coinbase automatically signed me up for Credit/ID protection. The few affected will likely receive the exact same benefits.

The CEO of Coinbase came out with that tough guy video about how they were actually going to pay for information about the hackers instead of paying the hackers money. But they left out how much incredibly sensitive information was taken! The last four of your Social Security plus the last digits of your bank account plus your photo ID plus your address? What the fuck? Why does a low level customer service person even need access to all that? Why would they need to see my photo ID? If they don't need it then they should never have had access to it.
This fucking chump company has just lost my business. There is no chance I'm putting a ton of money in any kind of wallet linked to them.