Account balance info of <1% of Coinbase customers was leaked to hackers and scammers. Buy a Bitkey!

Published May 22, 2025
by Joel Bomgar
YouTube Video Transcript
00:02 Hey everyone, account information on less than 1% 00:06 of Bitcoin or sorry Coinbase's uh MTUs, 00:10 which is monthly transacting users. It's 00:12 the way they measure active users. So 00:14 less than 1% of their active user 00:18 account information was leaked. Now that 00:20 is not usernames, passwords or 00:23 two-factor authentication. So none of 00:25 what was leaked directly enables uh 00:28 hackers or scammers to access your uh 00:32 account on Coinbase. But what it does 00:34 do, which is why the hackers and 00:36 scammers wanted it, was it does allow 00:39 them to run much more sophisticated 00:42 social engineering attacks. So what is a 00:44 social engineering attack? Well, a 00:46 social engineering attack is an effort 00:48 to get you to voluntarily give your 00:51 Bitcoin or or access to your account to 00:55 scammers and hackers by sweet-talking you 00:59 into doing that by pretending to be 01:01 technical support 01:02 representatives. So, what does that look 01:04 like? Well, so uh they will typically 01:07 someone will call you out of the blue 01:09 claiming to be from Coinbase. They'll 01:11 claim to have a, you know, here's my 01:13 badge number, here's my security 01:15 clearance, here's my whatever. And now 01:18 that they have additional account 01:20 information, they can look more 01:22 credible. So, they can say, "Hey, I just 01:24 wanted to check, did you indeed buy a 01:27 sandwich at Panera Bread for 01:30 $13.61?" And you're thinking, "Oh, well, 01:32 yes, actually I did. These people must 01:34 be from Coinbase." The answer is, no, 01:36 they're not from Coinbase. They just had 01:39 uh they just compromised less than 1% of 01:41 accounts. Um which again is uh you know 01:44 it's less than 1% but uh I think 01:48 Coinbase has total users of above 100 01:50 million. I'm not sure how many of those 01:52 are monthly transacting users.
So let's 01:55 assume that number is I mean it's you 01:57 know perhaps less than a million but 01:59 that's still a whatever that number is 02:00 is still a huge number of accounts. Uh, 02:03 but the most important things, well, 02:04 anyway, so the the scammers will call 02:07 you claiming to be from Coinbase and 02:09 they will know a lot of information 02:10 about your account. Again, they do not 02:12 have username, password, or two-factor 02:14 authentication codes, which is why 02:15 they're calling you because they're 02:17 going to try to trick you into giving 02:18 them that information, uh, two-factor 02:21 authentication codes, you know, 02:23 passwords, etc. Uh but they do have 02:25 enough information to get started which 02:27 is you 02:29 know okay so scammers and hackers they 02:32 use your email address and your phone 02:34 number to contact you. They use the 02:36 additional information they know about 02:38 your account on Coinbase to build 02:41 authenticity with you uh credibility to 02:44 so that you actually believe they are a 02:45 tech support rep or a security somebody 02:48 from Coinbase. And then ultimately in 02:50 the process they try to trick you into 02:52 revealing your password and your 02:55 two-factor authentication codes by 02:56 sending you links that claim are like 02:58 secure login portals for Coinbase or 03:01 Anyway, it's super sophisticated. Uh, 03:04 first of all, Coinbase will never call 03:05 you if if you get a phone call out of 03:08 the blue from someone claiming to be 03:09 from Coinbase or from Google or from, 03:12 you know, Gemini or you name it. Um, 03:14 those companies never proactively call 03:17 you. So, if you are being called by 03:19 somebody uh claiming to be from 03:20 Coinbase, it is 100% a scam. They do not 03:23 proactively call people. They just never 03:26 do that. That's part of their security 03:27 protocol is they never call you. 
Um, the 03:30 only way you can get a phone call from 03:32 Coinbase is by initiating a request for 03:35 a phone call from within the Coinbase 03:37 app. And if you do that from within the 03:39 app, uh, it will they will call you, but 03:42 they call you basically immediately when 03:44 you click initiate call and you know 03:46 it's legit because you literally 03:48 initiated it from within the app, but 03:49 they're never just going to call you out 03:50 of the blue. Um anyway, so how can you 03:53 So the number one thing that they got 03:54 that is most valuable to them in 03:56 addition to just sort of you know 03:58 usernames and sort of what accounts what 04:00 is account balances. They want account 04:03 balances because they want to prioritize 04:06 how sophisticated uh it's worth being to 04:09 try to compromise someone's account. So 04:12 obviously if they know account balances, 04:14 they're going to they're going to take 04:15 the entire customer spreadsheet of 04:17 information that they got. I promise you 04:20 they will sort it by account balance, 04:22 largest to smallest. That's the very 04:24 first thing they're going to do is 04:25 they're going to sort it by account 04:27 balance from largest to smallest and 04:29 then they are going to start working up 04:31 their uh planned uh scamming starting 04:35 with the largest accounts. And so for 04:37 the the largest accounts, they're going 04:38 to put their best people on it uh that 04:41 have that have no foreign accent that 04:44 are the most, you know, suave and 04:46 sophisticated. And they're going to 04:48 spend the most time researching the 04:50 account and coming up with what they 04:52 think is the person is the person is 04:54 most likely to fall for. They're going 04:56 to call them at the time of day that 04:57 they think the person is most likely to 04:59 be susceptible. Uh all of those things.
05:01 So for the the highest value accounts, 05:04 for example, accounts with more than a 05:05 million dollars, they're going to be 05:07 very sophisticated trying to get that uh 05:10 Bitcoin or other cryptocurrency from 05:13 that person. For accounts between maybe 05:15 a 100,000 and a million, they'll be 05:17 moderately sophisticated. For accounts 05:19 with less than 100,000, they'll probably 05:21 robo dial them. It'll be people with 05:23 foreign accents just robo robo dialing 05:26 for dollars hoping they get lucky. Um, 05:29 so if your account balance is less than 05:31 $100,000 on Coinbase, you know, they're 05:34 the attacks may not be super 05:35 sophisticated, but a lot of people fall 05:37 for, you know, social engineering 05:39 attacks that are not very sophisticated. 05:40 something. The person just calls and 05:42 says, you know, "Hey, I'm from Coinbase. 05:44 I'm from technical support. We're we're 05:46 concerned your account might have been 05:47 compromised. Um, you know, can you help 05:50 me log into your account to secure it?" 05:52 And then they ask you information like, 05:53 "What's your email address? What's your 05:56 password?" You know, "Okay, I'm going to 05:58 trigger a two-factor authentication 05:59 code," which means they're trying to log 06:00 into your account. "Okay, read me the 06:02 code." like in obviously if they're 06:04 calling you and then they have to ask 06:06 you what your account information is, 06:07 which they should already know if they 06:09 really were from Coinbase, it's 06:11 obviously a scam. But a lot of people 06:12 fall for it anyway. And the 06:14 sophisticated scams do a lot more work 06:16 on the front end so that when they call 06:18 you, they already know all that 06:19 information. Not the username and 06:21 password and two-factor authentication 06:22 codes, but they know all the other 06:24 information. So they don't have to ask 06:25 you and and you know, make it so 06:27 obvious.
So what can you do about this? 06:29 Well, do what I've already done. Do do 06:31 what numerous people have already done 06:33 which is buy a Bitkey, B-I-T-K-E-Y. Uh 06:36 website is bitkey.world so 06:40 bitkey.world and move most or all of your 06:43 Bitcoin to Bitkey. So why does that 06:46 help? Well, first of all, when the 06:48 account information leaks on 06:50 Coinbase and they sort it from highest 06:52 to lowest, guess what? Your account is 06:55 not a big juicy target because your 06:57 account balance is either some, you 06:59 know, relatively low number if you keep 07:01 Bitcoin on there to use the Coinbase 07:03 debit card or your account balance is 07:06 zero because you've moved it all to 07:07 Bitkey or, you know, whatever it is, 07:09 it's not some big juicy target, which 07:11 means the scammers and hackers are going 07:13 to spend much less time on you because 07:16 they see that your Bitcoin is not on 07:18 Coinbase anymore. Which means even if 07:19 they do compromise your account, so 07:21 what? They can't get anything that's not 07:23 on Coinbase. So, uh, so the first thing, 07:25 buy yourself a Bitkey, move most or all 07:28 of your Bitcoin, uh, to Bitkey and 07:30 that's really it. Um, so Bitkey, the 07:33 architecture of Bitkey is they do not, 07:36 uh, because of the way government 07:37 regulations work, they are not required, 07:39 unlike Coinbase, which is required to 07:41 keep your, you know, copy of your photo 07:44 ID and your name and all the personal 07:46 information. Bitkey doesn't work that 07:47 way. The nature of Bitkey, the 07:49 architecture of Bitkey is structured 07:51 where they are not required to keep any 07:53 of that personally identifiable 07:55 information because they are not 07:57 swapping your Bitcoin for US dollars. 07:60 You're doing that on Coinbase or 08:01 something like that.
So, Bitkey does 08:03 not keep a bunch of personal information 08:05 about you for hackers and scammers to 08:06 hack, which means um there's there's, 08:10 you know, Bitkey customers are not 08:12 targeted uh the way Coinbase customers 08:14 are targeted. And if you do what I 08:17 recommend, which is if you have a medium 08:18 or large balance, let's say a balance 08:20 above $10,000, certainly above $100,000, 08:24 if you keep your Bitkey in a safe 08:25 deposit box in a bank, then even if 08:27 scammers do call you, even if you are 08:29 temporarily tricked by their wily ways, it 08:33 doesn't matter because your Bitkey is 08:36 at a bank and it takes you time to drive 08:38 there. And in the amount of time it 08:40 takes you to drive to the bank, 08:41 hopefully you'll uh wake up out of your, 08:44 you know, mesmerized stupor that this, 08:46 you know, fake agent uh claims to be and 08:49 realize, wait a second, this whole 08:51 thing's a scam. I'm on the phone with 08:53 somebody who's trying to scam me. Um so 08:56 uh you know keeping uh your funds on 08:58 Bitkey is basically solves between 99% 09:02 and 99% 09:04 99.9% of the likelihood of getting 09:07 hacked or scammed. Uh keeping your Bitkey 09:09 in a safe deposit box in a bank 09:11 solves the other .1% or 1% or whatever 09:15 microscopic bit is left. So hackers and 09:18 scammers are always going to target the 09:19 largest accounts. Account information is 09:22 always going to leak on places like 09:24 Coinbase because they're I mean when you 09:27 have a 100 million you know user 09:28 accounts and and in the case of Coinbase 09:30 they have a significant number of uh 09:32 overseas agents they use uh foreign 09:34 call centers which is obviously a huge 09:37 problem because those people are a lot 09:38 easier to bribe uh into uh you know into 09:42 compromising account information and 09:44 giving it to hackers and scammers than 09:46 US-based agents.
US-based agents are just 09:48 much less likely to do that because 09:50 they're in the US. Uh they're a lot more 09:52 likely to be caught if they do stuff 09:55 like that and it's just they're less 09:56 likely to do it. Um so um anyway, 09:60 Coinbase does use international agents, 10:01 overseas agents for technical support. 10:04 And in this case, that's what happened. 10:05 Uh the scammers and hackers were able to 10:08 bribe enough overseas agents to 10:11 compromise enough accounts to be a 10:13 significant problem. Now, the last 10:15 pieces of the story here, which I posted 10:17 the video from Brian Armstrong, is the 10:19 hackers and scammers told Coinbase that 10:22 they would uh if Coinbase gave them $20 10:24 million, they would not use the 10:26 information. Basically, for $20 million, 10:29 the information that they compromised 10:31 on, Coinbase customers would never see 10:33 the light of day. Uh Coinbase said no, 10:36 you know, they don't negotiate with 10:37 terrorists is the famous saying. And 10:39 instead, Coinbase uh established a $20 10:42 million bounty for information that 10:45 leads to the arrest and conviction of 10:49 the individuals involved. So, um anyway, 10:52 it reminds me of the movie Ransom. If 10:54 you haven't seen the the movie Ransom 10:56 with Mel Gibson, that was a a movie I 10:59 liked growing up. It's rated R, so it's, 11:01 you know, not suitable for children. 11:03 But, um, it's, uh, anyway, I won't I 11:06 won't, uh, go into any details about it 11:08 in case you want to watch it, but, uh, 11:10 what Coinbase is doing, uh, reminds me 11:12 of the movie Ransom. Uh, so anyway, uh, 11:15 so Coinbase is putting a $20 million 11:17 bounty on the heads of the people who 11:20 are doing this for their um, uh, arrest 11:23 and conviction. And good for them. Good 11:26 job, Coinbase, for doing the right 11:27 thing. Um, but that doesn't mean your 11:30 account information is not compromised.
11:31 And also, Coinbase has said they will 11:33 reimburse uh any losses from accounts uh 11:36 that have been compromised. It wasn't 11:38 clear if that's only if your account was 11:40 compromised prior to today. When would 11:43 they are releasing that that 11:44 information? One 11:47 second. It's not clear if that's only 11:49 from uh the past or if that is also uh 11:53 from today forward in addition to the 11:56 past. But regardless, uh, Coinbase has 11:58 announced that they will reimburse 11:59 anybody that is scammed or hacked as a 12:02 direct result of that data leak. Um, so 12:06 anyway, stay safe out there. Buy a 12:08 Bitkey, move most or all of your Bitcoin to 12:10 Bitkey, and you will not be susceptible 12:13 to the scammers and hackers the way um 12:15 the way you are if you just have a 12:17 significant account balance just sitting 12:19 there on Coinbase. Um, so anyway, do 12:22 what you can to stay safe out there. Uh, 12:24 cryptocurrency is a new technology. Any 12:26 new technology goes through phases like 12:28 this. The internet was the same thing. 12:30 When email was first invented, 12:32 everybody on the planet was getting 12:33 emailed by Nigerian princes claiming 12:36 they needed help to unlock hundreds of 12:38 millions of dollars, etc., etc. So, um, 12:42 in this case, it's just the same thing. 12:44 Um, it's just, you know, cryptocurrency 12:46 is new, Bitcoin's new, and so scammers 12:49 and hackers are chasing it all over the 12:51 place. And when people stop falling for 12:53 the scams, uh the scammers will stop 12:55 trying. And just like you get a lot 12:58 fewer emails from Nigerian princes 12:60 claiming they want to give you vast sums 13:02 of money, uh they stop sending those 13:05 emails because people stop falling for 13:06 them. So, you know, you stop falling for 13:09 them, the scammers give up and they move 13:11 on to some new tactic. But, uh stay safe 13:13 out there. Get a Bitkey.
Number one 13:15 recommendation to keep yourself in uh 13:18 safe and secure and to keep your Bitcoin 13:20 out of the hands of scammers and hackers 13:22 is buy yourself a Bitkey and keep most 13:25 or all of your Bitcoin on it. That is 13:28 the best way to to stay safe and secure 13:30 secure. So, have a great day everyone. 13:32 Thanks.

Disclaimer:

The content provided in this post is for educational purposes only. It should not be considered financial, investment, or trading advice. I am not a licensed financial advisor, and all opinions expressed are my own. Always conduct your own research and consult with a qualified financial advisor before making any investment decisions. Investing in Bitcoin or any other assets carries risk, and you should never invest more than you can afford to lose.
