Phishing at Coinbase: a bug or a feature?

Published at: April 4, 2014
A Coinbase user with the pseudonym “shubh” has published a post on his blog describing what he calls a “major security flaw”. After reddit exploded with comments and reposts, the developers made their official statement on the issue, insisting that this is a feature rather than a flaw.
 
Spam tactics
 
The original problem that shubh’s report covers is that the service allows the generation of unlimited money request emails, which comes together with email address/user enumeration on Coinbase. These issues lead to the disclosure of Coinbase account data. However, according to the activist, the root of all evil is the lack of a limit on the aforementioned requests. This gives perpetrators an edge by allowing them to check hundreds of thousands of email addresses for their affiliation with Coinbase.
 
While this may not have disastrous consequences, shubh believes that phishers can cause serious harm if they get their hands on this kind of exploit. I will not go into technical details; you can find more about that in the original blog post.
 
Attempts at disclosure  
 
More interesting, though (unless your digital coins are held on Coinbase), is the fact that before shubh went public with this information, he had made several attempts at notifying the developer team about it.
 
In vain. There were no responses to the emails, tweets or reddit posts until finally someone named Julian replied to him/her. However, shubh stated that the crux of the matter was not addressed.
 
Only when the reddit post went viral (due to the blog) did the developers decide to make a statement of their own and publish a response.
 
Not a fault but a concept
 
The response, dry and official in mood, was nevertheless very detailed and explained every aspect of the developers’ take on the situation. Simply put, they acknowledge that their creation possesses certain features, but:
“Though we believe this type of spam and user enumeration activity doesn’t represent a significant risk to Coinbase customers, we absolutely recognize that it can be an inconvenience and cause confusion. We have already implemented a number of things which make this type of activity less convenient for would-be spammers.”
 
Not to be ignored
 
The reddit community split in half: one part of the users praised Coinbase for all the good it does, referring to this as a minor nuisance (or, as they liked to put it, “growing pains”). The others were less positive, speculating that if it weren’t for reddit the issue would have remained unaddressed.
 
Once again, public opinion made a difference. However, seeing the reluctance behind the developers’ answers, it is hard to say how much impact a group of people can make nowadays.
 