Coinbase is my favorite overall cryptocurrency exchange but the truth is Coinbase can be a prime target for hackers if you don’t know how to secure your account properly.
Coinbase is the best US based cryptocurrency exchange to buy and sell coins like Bitcoin, Ethereum, and other altcoins. It's the largest exchange in America with over 68 million verified users. I've used them since 2018 with zero issues. Highly recommended.
There have been plenty of horror stories where unfortunate Coinbase users had their accounts emptied by hackers who accessed their personal information and account without their knowledge.
In this article, I’ll explain how most Coinbase accounts get hacked and introduce several proven ways to protect yourself from this life changing problem.
Table of Contents
- How Coinbase Protects Your Crypto Account
- Text Message 2FA is Vulnerable to the Sim Swap Scam
- Use Authenticator at Bare Minimum but It Does Have its Flaws
- Use a Security Key like Yubikey 5 NFC or Google Titan for Maximum Protection
- Move Your Crypto into a Cold Storage Hardware Wallet for Extra Security
- Use Whitelisting for Coinbase Pro
- Take Control of Your Coinbase Security
- Need Help Securing Your Account? Leave a Comment Below
How Coinbase Protects Your Crypto Account
Coinbase requires all accounts to use 2FA for added protection using 3 different methods: Text message, Authenticator, and a physical security key.
The text message is the least secure while owning your own security key is the most secure option.
Text Message 2FA is Vulnerable to the Sim Swap Scam
Normally, you won’t have any issues with your Coinbase account but that doesn’t mean you should use the default text message option. Many Coinbase users leave themselves vulnerable to hackers who use a scam called sim swap to gain access to their Coinbase account.
Once the hacker gets control of your SIM then your phone will stop working and they can intercept your text messages to withdrawal all of your funds to their wallet.
Do not use text message for 2FA because it’s the least secure and upgrade your security to Authenticator for extra security.
Use Authenticator at Bare Minimum but It Does Have its Flaws
Authenicator requires you to enter a unique one-time access code before logging into your account or making any withdrawals.
Google Authenticator is a very popular authenticator plugin that you can download to your Android or iPhone for free. However, there are several problems with Google Authenticator if you lose your phone or it gets stolen. You no longer have access to your authenticator codes and must backup your Authenticator app with Google drive in case of an emergency.
Authy is a good Google alternative if you don’t want to use Google’s app but this method isn’t the most secure way to protect your account. All someone needs to do is gain access to your phone and you’re in trouble.
Use a Security Key like Yubikey 5 NFC or Google Titan for Maximum Protection
Using a physical security key makes it impossible for hackers or scammers to access your account online. You simply purchase a reliable security key online such as Yubikey 5 NFC (for USB-A) or Yubikey 5C NFC (for USB-C) and plug it into your laptop or tap your mobile phone whenever you need account access.
Yubikey is the most effective way to protect your online accounts from hackers and takeovers. Supports popular cryptocurrencies accounts and exchanges such as Coinbase, Binance, Kraken, Gemini, BlockFI, and more. Works with Macbook & iPhone devices.
Yubikey is the most effective way to protect your online accounts from hackers and takeovers. Works for popular cryptocurrencies accounts and exchanges such as Coinbase, Binance, Kraken, Gemini, BlockFI, and more.
You can also use your security key to secure all of your email, banking, and social media accounts too. For example, Yubikey works with all major websites such as Facebook, Google, Coinbase, Twitter, etc.
Yubikey costs between $45 to $55 depending on which security key you purchase. If you’re on a tight budget then try the Yubico Security Key for the most basic protection at a lower price. This version isn’t compatible with popular password managers like LastPass and doesn’t support OPT (one time passwords).
Now, you have gained maximum security over your account and will sleep a lot better at night.
Move Your Crypto into a Cold Storage Hardware Wallet for Extra Security
Obtaining a security key will give you the maximum protection of your Coinbase account but you don’t own the private keys to your cryptocurrency. As long as your coins remain on the Coinbase website then Coinbase technically owns the private keys and ownership of your crypto.
Many diehard cryptocurrency investors preach the important of “not your keys, not your coins” to encourage HODLers to move their crypto assets over to an offline hardware wallet.
Of course, your only risk is that someone else discovers your private keys and gets possession of your hardware wallet.
Use Whitelisting for Coinbase Pro
Whitelisting allows withdrawals only to external address that you verify in advance. This feature is only available in Coinbase Pro and adds an extra layer of security to your account.
Take Control of Your Coinbase Security
Too many victims blame Coinbase and its poor customer service if something goes wrong. Coinbase will not reimburse your funds or recover any stolen crypto because all crypto transactions are irreversible on the blockchain.
Contact Coinbase customer service if you have a problem but make sure you use the security steps above to prevent any hackers from causing damage.
As cryptocurrencies become more widely adopted, my guess is regulation will increase and help catch crypto thieves who steal funds. However, we are still in the early days of crypto so take your protection very seriously.
Need Help Securing Your Account? Leave a Comment Below
If you have any questions about securing your Coinbase account or choosing the best security key then leave a comment below. I’ll do my best to share my personal advice based on my own experiences.