top | item 43996769

(no title)

The problem is that it seems like the data that leaked is also the data that would be used to do account recovery.

And what that means is that

1) If you lose access to your account (through either your own fault, or coinbases fault) that the process of recovering it may not be so straightforward anymore.

2) Hackers can try to “recover” accounts now using this leaked info.

This is a huge problem. What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

The only solution here is: hardware 2 factor like yubikeys.

discuss

SimianSci|9 months ago

The Crypto industry continues their speedrun of rediscovering all of the reasons for why the global financial system exists.

What you've described is the same thing that many Crypto enthusiasts call a "Bank"

lxgr|9 months ago

Many banks don't have physical branches.

One that I'm using does, but I find it extremely annoying when they have me go to a branch to unblock my account that they locked due to a poorly calibrated risk system (that they need due to not supporting actually secure 2FA methods).

knowitnone|9 months ago

except banks staff can easily be bribed too. There is plenty of bank fraud happening.

woah|9 months ago

Coinbase is identical to a bank because it holds customer funds. Your comment isn't quite the dunk you think it is. Blockchains allow money to be held anonymously without any banks involved. Centralized exchanges are just profiting on speculation and probably should be banned.

piva00|9 months ago

> What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

That's just a bank.

lovich|9 months ago

Watching crypto enthusiasts run into every problem that society already tackled with in the past when developing currency and its controls, and then coming up with solutions that look exactly the same as what dirty fiat currency uses, has been a source of much entertainment the past few years

dowager_dan99|9 months ago

Beyond the regulatory-dodge and crypto marketing explain to me how Coinbase is NOT a bank

thepasswordis|9 months ago

Correct. Coinbase is a bank that holds cryptocurrency.

ClumsyPilot|9 months ago

> The only solution here is: hardware 2 factor like yubikeys.

And when that’s lost, what do you do? Aren’t you back to account recovery step?

drexlspivey|9 months ago

Then you send your iris scan to sama

whoopdedo|9 months ago

If you ever sent money to or from a wallet you control, I'd think a reliable recovery factor would be to use that key to sign a message that Coinbase can verify with the address in their records. Cryptocurrency after all is just another PKI.

whoopdedo|9 months ago

And dumb-dumb me just realized how trivial that would be to break. Social engineer someone into sending/receiving money to/from your wallet then pretend to be them requesting an account recovery.

Coinbase would have to make you sign a challenge ahead of time that would mark the wallet as the authorized public key for your account.

SoftTalker|9 months ago

The the data that would be used to do account recovery is 99% either public record or already part of dozens of prior major data breaches.

lxgr|9 months ago

> What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted

People getting locked out of their account (which can happen due to no fault of the user, e.g. by an overly nervous risk system) will be really happy to have to potentially travel to a different city to regain account access...

thepasswordis|9 months ago

I would be very happy to do this.

Fine, make it optional. I actually would love a version of cold storage that is: never release this money unless I personally travel to an office if NYC and authorize it.

unknown|9 months ago

[deleted]

scyclow|9 months ago

I'd imagine that anyone who's sophisticated enough to use a yubikey would just buy a hardware wallet and self custody.

josu|9 months ago

> What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted

Is this satire?