Jory MacKay is a writer and award-winning editor with over a decade of experience for online and print publications. He has a bachelor's degree in journalism from the University of Victoria and a passion for helping people identify and avoid fraud.
As one of the leading cryptocurrency exchanges, Coinbase has put significant resources into creating a secure platform that follows industry best practices. But even the biggest platforms aren’t immune to cyberattacks or hacking.
Cryptocurrency wallets are massive targets for cybercriminals. Stolen login credentials for a hacked Coinbase account sell for an average of $250 on the Dark Web [*].
In this guide, we’ll look at the safety concerns of using Coinbase, as well as what you can do to secure your cryptocurrencies against hackers.
{{show-toc}}
Is Coinbase a Safe Way To Trade Cryptocurrency?
Yes. Despite some recent security issues, using Coinbase is a relatively safe way to trade cryptocurrencies.
Coinbase is the world's largest publicly traded crypto exchange, where investors can trade over 240 digital currencies. Founded in 2012, the platform has about 98 million users who collectively trade $335 billion each quarter [*].
As a centralized cryptocurrency exchange, Coinbase acts as a middleman between buyers and sellers. Unlike decentralized exchanges, Coinbase controls the transaction process, sets prices, and holds the users' funds.
Here’s an overview of the pros and cons of using Coinbase to trade crypto:
Coinbase pros
Coinbase cons
Easy to use — the mobile app and web app interface are intuitive for beginners as well as seasoned cryptocurrency traders.
Higher transaction fees than other crypto trading platforms.
Wide selection of available cryptocurrencies — over 240 different cryptocurrencies, including popular coins like Bitcoin, Ethereum, Solana, and Cardano.
Recent security incidents gave hackers access to thousands of user accounts.
Paid training. Coinbase educates users about crypto trading through video classes and exams, and users can earn a few dollars worth of cryptocurrencies by completing the classes.
Complex fee schedule. While Coinbase always discloses fees to users before completing a transaction, there is a lack of transparency on the website.
Quick withdrawals. Unlike many crypto exchanges, Coinbase makes it easy to withdraw crypto and deposit it as fiat currency without having to wait several days for transactions to clear.
Unhelpful support team. Many Coinbase users have complained about slow or unresponsive service and vague answers from the customer support team [*].
Coinbase is known for its user-friendly interface and focus on security, with key features built into the platform, including:
Cold storage to provide added protection for Coinbase users' crypto assets.
Mandatory two-factor authentication (2FA), including biometric authentication, makes accessing accounts harder for unauthorized individuals.
Compliance with regulatory standards such as KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations, which help ensure a secure crypto trading environment.
On the other hand, Coinbase fees are higher than those of some other platforms, like Binance. Also, viewing the fees ahead of time is not always possible, which can be frustrating.
Reports of poor customer support are an even greater concern. If your account is compromised, you’ll need help to recover your account and funds — so slow or unhelpful customer service is a major problem.
Has Coinbase Been Hacked? 9 Security Issues and Risks
With an average daily trading volume of over $1 billion, it’s little surprise that Coinbase is a massive target for hackers and online scams [*].
In recent years, Coinbase has been hit by three notable security incidents:
Early 2021: Hackers exploited a vulnerability in Coinbase’s 2FA security feature and stole cryptocurrency from over 6,000 customers [*].
February 2023: A hacking group targeted Coinbase employees with sophisticated phishing campaigns to steal their login credentials. However, the company's security team stopped them [*].
July 2023: When an attack on Curve Finance triggered volatile price swings in the entire DeFi market, Coinbase inadvertently earned a profit of about $1 million during the chaos. Despite attempts to reimburse affected victims, Coinbase has yet to return the funds [*].
These security issues seem like rare occurrences, however:
While Coinbase has robust safety measures in place, the security of your account largely depends on your personal security practices.
Here are six common scams and cyber threats that could put your Coinbase account at risk:
Phishing emails and other attacks. Cybercriminals use phishing emails to try and steal user login credentials. In June 2023, a prominent trader reported a sophisticated phishing campaign that included a bogus email, which appeared to be from a legitimate Coinbase account [*].
Data breaches that leak your personal information. Signing up for a Coinbase account requires submitting a photo of your ID and other sensitive information. If this gets leaked, you could be at serious risk of identity theft.
Vulnerabilities from third-party services. Using third-party sites or apps linked to your Coinbase account can introduce security risks if those services are compromised. In 2022, a group of 96 scam victims filed a lawsuit against Coinbase after they were duped by scammers they met on social media, dating apps, or via wrong-number texts [*].
Crypto investment scams. Many crypto scammers build romantic relationships with targets before convincing them to invest in fraudulent platforms. A retiree named “Frank” lost $22,000 when he fell for a pig butchering scam — a prolonged scheme in which crooks coerce victims into investing vast amounts before draining their wallets [*].
SIM swap attacks that bypass your Coinbase 2FA security. Attackers can take control of your mobile number by tricking your cell phone provider into transferring your number to a new SIM on their device. In March 2023, Jared Ferguson filed a lawsuit against Coinbase, claiming he lost “90% of his life savings” after criminals hijacked his SIM and withdrew $96,000 from his crypto account [*].
Fraudsters posing as Coinbase support staff. Impersonators may contact you claiming to be Coinbase support — requesting your account details, or directing you to a fraudulent website on which they could intercept sensitive data, like your credit card number or seed phrase.
How To Secure and Protect Your Cryptocurrency Accounts
While Coinbase's exchange is safe compared to many other crypto trading platforms, individual Coinbase user accounts remain vulnerable because of risks such as human errors, social engineering tactics, and poor digital security practices.
Scammers can target you no matter how stringent the platform's security becomes. As with other online accounts, the onus is on you to make sure you don't leave yourself open to an attack.
Below, we walk through some steps that you can take to protect your Coinbase account:
Use a strong, unique password and a password manager
If someone finds out the password to your Coinbase account, they have direct access to your wallet. You need to keep hackers out by creating strong passwords and ensuring that nobody can access these codes except you.
How to secure your passwords:
Make it long. The eight-character standard isn’t enough anymore — opt for passwords containing 10-15 characters.
Make it hard to guess. It’s best to avoid obvious passwords — like birthdays, pet names, or common keyboard patterns such as “123456” or “qwerty.” You can make your password harder to crack by combining uppercase and lowercase letters, numbers, special characters, and symbols.
Use a password manager. Asecure password managerstores your login credentials and can warn you if they've been exposed or leaked.
💪 Get award-winning protection for your accounts, identity, and finances. Aura combines powerful digital security features (VPN, antivirus, password manager, etc.) with intelligent identity and fraud monitoring. Try Aura free for 14 days.
Set up an authenticator app or security key for 2FA
While Coinbase requires two-factor authentication (2FA) on all accounts, not all authentication methods are totally secure. For example, if you use SMS for receiving 2FA codes, scammers can “take over” your phone number by conducting a SIM swap and intercepting your code.
To better secure your account: Choose an authenticator app, hardware security key, or use biometric validation.
Secure your email account against hackers
It’s equally important to protect the email address associated with your Coinbase account. If threat actors gain control of your email address, they can send themselves a password reset request for your Coinbase account.
Best practices for securing your email account:
Enable 2FA on your email. Using an authenticator app can reduce the risk of unauthorized access to your email accounts.
Beware of phishing emails. Scammers send emails that contain malicious links, which could install spyware on your device or give hackers access to sensitive information — like your passwords or bank account details. Treat any unsolicited emails cautiously, and never click on any links or attachments.
Monitor for suspicious activity. If you get alerts about email login attempts from unfamiliar locations or devices, someone could be trying to hack your email account. Regularly check for any signs of compromise by scanning your email address on HaveIBeenPwned or by using Aura’s free Dark Web scanner.
In early 2024, a Reddit user shared his experience dealing with a Coinbase scam. His account was hacked, and the attackers withdrew and transferred his crypto to newly added bank accounts. Thankfully, his quick response made it possible to recover his funds [*].
If you aren’t closely monitoring your Coinbase account, thieves can steal your money and then vanish.
How to spot the early warning signs of a Coinbase scam:
Review transaction history regularly. On the Security Settings page, you can review active sessions and recent activity, and manage third-party applications with access to your account. It's wise to review your Coinbase account's transactions and activity at least once a week to look for anything suspicious.
Verify transfer details. Some malware programs can edit the details to intercept funds, even after you type in the correct information. Double-check the recipient's account information when you want to send money to other accounts.
Enable push notifications. You can stay updated with push notifications on the Coinbase Wallet app, which is available on iPhone and Android. Open the app, click on Settings > Notifications, and then tap on the first option to edit preferences. When the pop-up appears, select Enable push notifications, and then confirm. On iOS, you’ll need to tap on Allow to grant permission.
Use Coinbase’s security features
Moving your crypto assets off of any exchange into a self-custodial hardware wallet is widely recommended. However, if you choose to hold your assets on an exchange platform, Coinbase has excellent security measures in place to help combat the risks of hacking.
Take advantage of these Coinbase security features:
Use a vault if you’re holding assets for an extended period. Coinbase Vaults require multi-email approval to start the withdrawal process. There is a 48-hour delay, during which you can cancel the withdrawal at any time. This can help you stop any unauthorized attempts to withdraw from your account.
Use Address Whitelisting. You can create a predefined set of cryptocurrency addresses that are permitted to accept outbound transactions from your Coinbase Pro account. With Whitelisting enabled, any attempts by an attacker to send your funds to a different wallet will be blocked.
Use Coinbase cold storage. A cold wallet is a type of crypto wallet that exists on a hardware device like a USB drive and is not connected to the internet. As it’s offline, these wallets are immune to threats like malware or spyware. Coinbase Wallet has a feature that allows users to convert their cryptocurrency to cold storage devices.
{{show-cta}}
Safeguard your Coinbase wallet
When you trade on Coinbase.com, the platform safeguards your digital assets. If you want more control over your cryptocurrencies, you can use the Coinbase Wallet. As a self-custody wallet, it lets you store your private keys directly on your device, much like carrying a traditional wallet that holds your cash.
Here are a few essential security tips for managing your Coinbase Wallet:
Always keep your 12-word recovery phrase secure and backed up in a safe place. If you lose this phrase, you’ll have no way to access your wallet or recover your funds.
Never share your recovery phrase with anyone. If someone finds out your private keys and passwords, they could access your funds.
Use a virtual private network (VPN) when accessing your Coinbase Wallet. This will prevent anyone from intercepting your data as you enter your passcode.
Note: Your transactions are performed in real-time and on-chain, putting you in complete control of your funds. But remember that you are solely responsible for the security of your assets in a Coinbase Wallet.
Know the warning signs of a phishing attack
Imposters attempt phishing scams by imitating Coinbase staff in emails, text messages, or on social media — even under the guise of a refund and recovery service. If they deceive you, these con artists could gain control of your Coinbase account and steal your money.
Here are some warning signs of Coinbase phishing scams:
Check hyperlinks in emails. You can view a full URL address when you hover over the hyperlink. Don't click on the link if it directs you to any site that isn't Coinbase.com.
Look out for urgency or scare tactics. Coinbase scam emails often mention a problem with your account or a threat to your funds. Fraudsters use these scare tactics to make people panic and follow their bogus instructions — such as granting remote access to the victim’s computer or asking to transfer cryptocurrency to a “safe” external wallet address.
Beware of requests for sensitive information. Immediately end contact with anyone who asks for your password, two-step verification codes, or private keys. Coinbase employees will never ask you to share sensitive account details or any personally identifiable information (PII).
Secure your phone against SIM swapping attacks
SIM swapping is a threat to anyone who relies on SMS-based two-factor authentication (2FA) for Coinbase account security. If cybercriminals get control of your phone number, they can empty your crypto wallet and also target you with other types of identity theft.
How to protect your Coinbase account against SIM swapping:
Strengthen the security of 2FA protection by using an authenticator app. You should use a stronger form of two-step verification than the default SMS method. Coinbase recommends using "Universal 2nd Factor (U2F) with a security key or Time-based One Time Password (TOTP) with a mobile authenticator app like Duo or Google Authenticator."[*]
Add a PIN to your account with your cell phone provider. Popular mobile carriers including Verizon, T-Mobile, and AT&T help customers secure their accounts with a PIN.
Pay attention to strange behavior on your phone. If your phone is glitching, slowing down, or suddenly loses service for no apparent reason, it may have been hacked. Be vigilant about scanning your phone and responding to any technical issues quickly.
Do You Think Your Coinbase Account Was Hacked? Do This
If you think your Coinbase account was compromised, you need to act quickly. Due to the decentralized nature of cryptocurrency, there is no guarantee that you will get your stolen funds back; but the faster you secure your account, the more likely it is that you can limit the damage.
Here’s what to do as soon as you think your Coinbase account was hacked:
Temporarily lock your account. Ask Coinbase to disable your account in order to stop anyone from conducting transactions until you’ve completed all necessary steps for secure access, including identity verification.
Notify your bank or credit card issuer. Contact the fraud department at any of your linked bank accounts. Just as if you lost your wallet, you should also freeze or cancel your cards to stop any further theft.
Secure your email account. Since your email is a gateway to your crypto assets and financial accounts, it's crucial to lock it down. Change your password, and enable two-factor authentication immediately.
Block access to your phone number. Next, contact your service provider to place a SIM lock and port freeze to prevent SIM swap attacks.
Scan for malware, and update programs. It’s vital to find and remove any malicious programs after a hack. Update your apps and operating system to remove security vulnerabilities. Then, runantivirus software to sweep for viruses and spyware.
Review your accounts. After locking everything down, review your bank statements and recent Coinbase transactions for signs of fraud. If you spot unfamiliar transactions on your bank account, you can dispute the charges.
Contact customer support. After gathering details about any unauthorized activity on your account, contact Coinbase support for further assistance.
Notify local law enforcement. While cryptocurrency investments and NFTs may seem abstract, the theft of digital currency is still financial fraud. A hack of your account could lead to further theft from your bank or credit card accounts. File a police report to help authorities investigate; they can offer guidance to help prevent you from falling prey to more scams.
🏆 Secure your online accounts and finances against scammers. Aura uses advanced digital security tools to proactively safeguard you against hackers. If the worst should happen, you’ll also get 24/7 support and up to $5 million in identity theft insurance. Try Aura free for free today.
The Bottom Line: Cybercriminals Love Cryptocurrencies
So, is Coinbase safe? For the most part, yes. But every platform, no matter how secure, is susceptible to human errors and social engineering attacks.
According to the Federal Trade Commission (FTC):
Cryptocurrency investors lost over $1.4 billion to scams and hacks in 2023 [*].
Coinbase’s built-in 2FA measures have proven vulnerable in the past, and its customer support isn’t always there when you need help. If you want a comprehensive and reliable way to protect your online accounts, identity, and finances, consider Aura.
Aura’s identity theft protection platform guards your online accounts 24/7 with three-bureau credit monitoring, antivirus software, a military-grade VPN, a password manager, and the industry’s fastest fraud alerts3.
Even if hackers compromise your financial accounts, you’ll have round-the-clock support from Aura’s dedicated team of U.S.-based White Glove Fraud Resolution Specialists and up to $5 million in identity theft insurance coverage.
Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.
Is this article helpful so far?
Yes
No
Skip
Need an action plan?
No items found.
Is your child ready for a cell phone? Take this quiz to find out.
Is Identity Theft Protection Worth It in 2024? Only in These Cases
Identity theft protection services aren’t right for everyone. But if you’re a prior victim or have family members to protect, it could make sense for you.