Users of Coinbase, a popular cryptocurrency exchange have been experiencing account takeovers from hackers who have been draining the user's accounts of their cryptocurrency. These attacks are fast and stealthy. An account can be drained in less than a few minutes if the hackers gained access to the user's login credentials or they find a way to bypass the two-step authentication features of Coinbase security. Coinbase has been flooded by consumer complaints after hackers stole cryptocurrency from users' accounts. Coinbase ascertains that the exchange itself has not been hacked, and that they have good security in place.
Despite having two-step authentication features on the Coinbase application, hackers have also found ways to access user's accounts by SIM card swapping. SIM card swapping involves an individual obtaining a SIM card containing the same phone number as their private conversations or information.
Not only have users been locked out of their accounts while hackers depleted the cryptocurrency, but Coinbase's limited customer service has made it impossible for user's to report these hacks and what amounts to in many cases losses of large sums of cryptocurrency.
Coinbase is maintaining that their insurance policy does not cover losses from individual accounts, and the transactions out of users accounts cannot be reversed. Coinbase has also locked users out of their accounts after identification verification, and closed accounts with no explanation even with users' cryptocurrency assets still inside with no way to recover them, including this writer's own account.
Coinbase's customer growth has increased from over 43 million users in 2020 to over 68 million registered users in 2021. While Coinbase says that only a small percentage of user's are affected by hacks, and that their two-step authentication is effective at keeping the number of bad guys out of user's accounts, there clearly is much more that needs to be done to protect user's investments in cryptocurrency. The hope was that when Coinbase went public on the NYSE this year, that many of the problems with the accounts and customer service would be solved. With more financial resources available, those resources could be spent on security and customer service. Sadly, this does not seem to be the case. However, the company recently indicated that they would be bringing back live chat and have been increasing customer service options including a dedicated phone line in addition to email.
While the transactions on the blockchain are public, the individual users are anonymous which is why many like using this decentralized technology. Crypto and blockchain technology is everywhere these days, and many individuals are investing in cryptocurrency and/or using it to make payments on things such as NFTs (nonfungible tokens), air travel and even insurance premiums to name just a few. The crypto wallet assigned by exchanges such as Coinbase is known as hotwallets, which means that the wallets are connected to the internet and can be hacked. Security experts advised those holding large amounts of cryptocurrency to move those funds not needed for trading, to cold wallet storage, which is not connected to the internet. Some insurance companies offer insurance coverage for cold wallets, aka cold storage.
In addition to holding crypto in hot wallets on exchanges such as Coinbase, holders of crypto are being targeted through what is known as SIM swapping. What happens is that a hacker will go to a mobile provider such as AT&T, for example, and with just a bit of information gleaned from an individual's account including security validation information, such as an account pin number, can walk into any mobile provider's store and walk out with a SIM card with the target's cell phone number. Hackers are obtaining this information from either phishing for login credentials to mobile phone accounts, keyloggers or from the various data breaches including from mobile carriers themselves, such as the recently disclosed T-Mobile and AT&T data breaches. The breaches may contain an user's name, phone number, social security number or other pertinent information. In addition, a simple White Pages search of a telephone number can reveal the carrier for that number and other information that can also be used to target an individual for a SIM card swap.
With this SIM card they can intercept any two-step authentication codes sent to that cell phone number, and access a crypto exchange such as Coinbase, and wipe out an entire account before the registered user even knows that they have been targeted by both the SIM swap and the hack of their crypto wallet located on an exchange. High net worth individuals and celebrities are especially targeted as hackers assume that they may hold significant crypto assets. Many celebrities, especially sports stars and recording artists are opting to receive their salaries and royalties in cryptocurrency, making them prime targets for such hacks. A celebrity's cell phone number is a coveted target, but everyone, especially those who invest in cryptocurrency should protect their cell phone number just like they would their social security number and only give it out when absolutely necessary. These accounts are also sold on the dark web and can bring $100 to $150 each, so cryptocurrency hacks and thefts are a lucrative business.
Clearly the insurance market for cryptocurrency coverage is an emerging market. Coverage for investments in cryptocurrency and blockchain assets such as NFTs is not only needed but desired by many. More about this emerging insurance market can be found here.https://www.propertycasualty360.com/2021/08/03/cryptocurrency-do-and-eo-insurance-issues/