Coinbase wants to help track crypto cyberattacks — but its own users are shit out of luck
On Tuesday, Coinbase announced its security team can help “all organizations” in case of a cyberattack. That same day, CNBC revealed thousands of hacked Coinbase users in the US can’t get in touch with customer service.
“It’s important to have a community mindset when we see security threats in the wild,” Matt Muller, head of security at Coinbase, said in a blog post.
Titled ‘How Coinbase responds to industry-wide crypto security threats’, the announcement claims its teams ‘rapidly mobilized’ to provide analysis to Poly Network and Liquid during their own cyberattacks.
But while the largest exchange can dedicate a security team to other companies under cyberattack, its own customers are getting ghosted.
Since 2016, over 11,000 Coinbase user complaints have been filed with the Federal Trade Commission and Consumer Financial Protection Bureau in the US. Most of them relate to customer service.
Drained accounts due to SIM-swaps and account lockouts are among the most common customer complaints Coinbase receives.
CNBC interviews with hacked users reveal months-long reply wait times are a recurring theme — and when users do get an email back, it could be along the lines of this:
“There is no credible or supportable evidence that the compromise of your login credentials was the fault of Coinbase. As a result, Coinbase is unable to reimburse you for your alleged losses.”
- A SIM-swap is when a hijacker convinces the victim’s phone company to change their number over to a different SIM card.
- The hijacker can then access the victim’s accounts that use SMS text two-factor authentication.
- Coinbase provides SMS text two-factor authentication, but also hardware and TOTP authentication — which aren’t vulnerable to SIM-swaps.
Read more: [Coinbase hit with another class action — this time over locked accounts]
Customer ‘victimized twice’
Another user told CNBC they lost $35,000 and no investigation was done by Coinbase. He eventually received an email: “Your Coinbase experience and your wait for a response […] was not up to our standards.” The email came with $200 in credit.
Some have decided to sue. Attorney David Silver, who specializes in crypto, represents a family who lost over $100,000 due to SIM-swapping. They couldn’t get in touch with Coinbase.
Silver told reporters: “Most people who contact me would tell you it’s poor customer service. They’re being almost victimized twice. Because they themselves have almost no ability to contact Coinbase and deal with them directly, they’re forced to retain professionals.”
Whether hacked users have a legal case is another question. While Coinbase customer service needs improvement, SIM-swaps aren’t usually the exchange’s fault.
Live chats to return
Coinbase admitted to delays in response time back in January. Earlier this month, CEO Brian Armstrong said it’s “doing so much better” and has “increased headcount five times or so since January” with a focus on hiring customer support.
The largest crypto exchange reverted from live chat features to an email-only customer service approach in 2016. A former employee told reporters the move reflected a struggle to keep up with rising demand from a sharp growth in users.
In a statement denying CNBC interview requests to discuss growing frustrations over response times, Coinbase said it grew from “43+ million users at the end of 2020 to 68+ million registered users” at the end of July.
The exchange also said it would reintroduce customer live chat functionality “later this year.”
Follow us on Twitter for informed crypto news.