Re: Coinbase account hacked - sucks :( What should I do differently?
Well, no response from Coinbase six hours later, but the app developer for Bitcoin Tradr did promptly reply. They indicated that they've never had a user's account hacked and the API is never stored on their side unless a user opts-in (did I? I don't know... what would a user opt-in for anyways).
A whole host of questions were asked, and there was also the suggestion of a Windows 8.1 vulnerability (but did not expand upon that). The laptop I'm using with their app is literally a week old, brand new shipped from Costco, is hard-drive secured (for work purposes), in my home office, and my wife has no idea what a BTC is, so the transaction certainly wasn't initiated on my local machine or phone.
Coinbase's website doesn't show any direct activity on their website or mobile site that I don't recognize, so the transaction appears to have occurred external to Coinbase, and the ONLY app to whom I've release my API key was mentioned above. Barring any super-secret malware or keylogger that has yet to be detected, all signs point to my API key compromising my account, and likely through the app somehow.
I did manage to close the attached bank account and backup credit card that was verified for instant purchases, so Coinbase is going to eat the $900 transaction.
Anyways, such is the beauty and curse of BTC. Things I'll do differently next time: NEVER release my API key, and convert to paper if long on BTC.
Guess I'll wait for another bubble dip and buy back in. I'd like to know who basically stole 4 BTC from me so I can swing by their place, shake their hand for being so slick then break their knees...
A whole host of questions were asked, and there was also the suggestion of a Windows 8.1 vulnerability (but did not expand upon that). The laptop I'm using with their app is literally a week old, brand new shipped from Costco, is hard-drive secured (for work purposes), in my home office, and my wife has no idea what a BTC is, so the transaction certainly wasn't initiated on my local machine or phone.
Coinbase's website doesn't show any direct activity on their website or mobile site that I don't recognize, so the transaction appears to have occurred external to Coinbase, and the ONLY app to whom I've release my API key was mentioned above. Barring any super-secret malware or keylogger that has yet to be detected, all signs point to my API key compromising my account, and likely through the app somehow.
I did manage to close the attached bank account and backup credit card that was verified for instant purchases, so Coinbase is going to eat the $900 transaction.
Anyways, such is the beauty and curse of BTC. Things I'll do differently next time: NEVER release my API key, and convert to paper if long on BTC.
Guess I'll wait for another bubble dip and buy back in. I'd like to know who basically stole 4 BTC from me so I can swing by their place, shake their hand for being so slick then break their knees...