My Experience Contacting Coinbase Support - Disclosing My Emails To Coinbase

After I got scammed over $50K when using Coinbase Wallet, I contacted Coinbase Support several times. Initially, I was telling them my situation and asked them if there was anything that could be done to take the money back.

After that, I tried to inform them of the vulnerability in Coinbase Wallet where money could be drained even when the recovery phrase was never compromised. I don't know how many others have pointed out that issue to them, but at least there was my attempt over a month ago that I will disclose in this post.

Below is our first communication thread between November 18 and 19. It started with filling out a form in the Coinbase Help Center. I did not capture the screenshot of the support form, but I did capture the text I submitted.

All the money, $58,734.78 (USDT), in my wallet got transferred out of my wallet without my permission through this transaction:

https://etherscan.io/tx/0x28fe570dc54f6432db9fd7b7fce68083c081f9eff69c8334a30c9077d22e775c

How secure is the Coinbase Wallet?

I never shared my Recovery Phrase with anyone else.

I visited this dApp address: u2e-free.com. Is there anyway a dApp can take all my money without my permission?

My brother-in-law is in the same situation.

Is there anyway we can take back the money?

Please help!

Thank you,
*********

Below is another communication attempt that I tried.

... The rest of the email is the draft of my first post to this blog.

One important thing that I am noticing when reviewing what I sent to them is the screenshot of my wallet in the email. Back then, my intention was just to show the version that was in used. Now, I am seeing that the screenshot also shows that there are 0 Connections in WalletLink, even after my wallet had executed code that hooked in an Approved Spender token that allows someone else to spend unlimited USDT from my wallet.

Location: United States

Comments

  1. AnonymousDecember 25, 2021 at 8:53 PM

    I wouldn't call this a Phish scam exactly. Regardless, please join us at https://www.reddit.com/r/eth_liquidity_scam/ as we are working on how to resolve this issue.

    ReplyDelete

Post a Comment

Popular posts from this blog

DApp Phishing in Coinbase Wallet - I Lost Over $50,000

Image
A few days ago, all my money, $58,797, in my Coinbase Wallet drained from my wallet without me knowing about it until I opened my wallet. I believe there is a major security issue in Coinbase Wallet where users can easily get phished to give a DApp (Decentralized Application) to take control and grant spending permission to an external entity. My empty wallet 😢 Contacting Coinbase/Wallet Support , which is the only way I know of to reach out to them, was not helpful. All they said is that I may have leaked the recovery phrase, without looking into the details I provided . I found a recent review on Google that describes the situation really well. A recent user review on Google Play Store. I am going to describe what happened in details. My brother-in-law showed me his Coinbase Wallet a few weeks ...
Read more

Inside The Scammer's DApp

Image
With Chrome Dev Tools , I was able to look inside the client code of https://u2e-free.com. This site is the scam dapp that drained all my USDT after my Coinbase Wallet granted them unlimited spending of my USDT. The site is a single-page web application written in Vue.js v2.6.12 and web3.js . Below is the tree view of the site. The application supports two different languages in its UI — English and Chinese, with English as the primary language. I concluded that English is the primary language because there are untranslated texts for the Chinese version as shown below. Next I will focus on the code that implements the Receive button. This is the most important action because it is what obtained the permission to spend unlimited USDT from victims' wallets. Below is the receive function that implements the action. The function above does the following: Obtain the USDT Contract Get the estim...
Read more