Coinbase erroneously reported 2FA changes to 125,000 customers


Cryptocurrency exchange Coinbase sent an automated message to a large number of its customers on Friday, saying: “Your 2-step verification settings have been changed.” Unfortunately, the message was sent in error—by Coinbase’s count, 125,000 of those messages were sent (via email and SMS text) to customers whose 2FA settings had not changed.
According to Coinbase’s own acknowledgment Saturday, its system began sending the erroneous messages at 1:45 pm Pacific time on Friday and kept sending them until the error was mitigated at 3:07 pm.
In that Twitter thread, Coinbase acknowledges the mistaken 2FA messages’ potential for confusion—confusion which retiree Don Pirtle told CNBC led him to panic-sell more than $60,000 of cryptocurrency. Pirtle was holding this large wallet as an investment for his grandson, so the panicked sale may have been as much blessing as curse—he now questions whether cryptocurrency was a safe investment in the first place.
Coinbase says that the erroneous 2FA messages were the result of an internal error, not hacker activity. “All of a sudden, the system just started sending stuff like a bug in the system,” Coinbase spokesperson Andrew Schmitt told CNBC, adding, “but it was not a malicious or third-party error.”
We’re laser focused on building trust and security into the crypto community so that the open financial system we all want is a reality. We recognize that issues like this can hurt that trust.
Although Coinbase tweeted that it’s “laser focused on building trust and security into the crypto community,” panic among its affected customer base is understandable. In addition to a general history of hacked crypto exchanges—including Bitfloor, Mt. Gox, Bitfinex, CoinCheck, QuadrigaCX (technically not a hack), and KuCoin—Coinbase itself has a bad reputation for its response to customers who have been hacked individually.
Most large financial institutions carry cyber fraud insurance policies and will cover hacked checking or savings accounts. “If you are victimized through cybertheft by no fault of your own, most large banks will make you whole,” CFA Greg McBride told USA Today.
The same is not true of Coinbase, which recently told one hacked customer that “there is no credible or supportable evidence that the compromise of your login credentials was the fault of Coinbase. As a result, Coinbase is unable to reimburse you for your alleged losses.”
In addition to a strict “your hack is your problem” policy, Coinbase has been repeatedly accused of extremely slow response to serious customer problems. The Twitter thread in which it announced the erroneous messages quickly devolved into users complaining of poor customer service regarding wallets that had been locked for weeks or months.
© 2021 Condé Nast. All rights reserved.