Tell HN: Coinbase Added a Fake Signatory to My Vault

31 points by hienyimba 1 year ago | 5 comments

I first signed up for Coinbase in 2016.

In post-FTX 2022, I was ready to dive back into crypto. With a 5 figures investment, I chose Coinbase's Vault for "security" without the cold wallet setup hassle. I setup my email and phone number as the standard Signatories, loaded up my vault.

But this "No hassle" option became a horror show.

One month after setting up, I was blocked from accessing my Vault by a mysterious OTP pop-up that claimed to have sent me an OTP which never came. As an engineer, I signed in on my desktop and using inspect-element, found out some weird JS blocking the OTP request button from actually sending the OTP — odd, but I wrote it off as a bug and moved on.

Zoom to August 2023: Coinbase sends me an email that my region will no longer be supported. Few days later, they inform me I must go through a KYC process to keep using Coinbase, which I powered through. Post-KYC, my Vault's back, but guess what? A stranger's email had been added as a signatory to my Vaults — "Trudey Schucker" (d***@gmail.com). Full-on panic mode, I contacted support through a form that can only be found using a hidden treasure map of their site, only to be ghosted with an "Coinbase will only offer self-help customer support in your region" auto-reply. Case closed, and radio silence.

Few weeks later, I get an email from Coinbase Compliance (#16618823) , demanding my financial life story. I thought it was a scam email, but no, it was Coinbase asking for everything from bank statements to invoices to private chats—yeah, they went full strip-search on me. Here's what I provided them: 1. Personal Bank statement 2. Proof of income 3. Proof of employment 4. Business registration 5. Business invoices 6. private conversations between myself and the broker I used 7. Brokerage statements 8. All Transaction histories at other Exchanges, etc.

This is more information than I've given National Governments and Banks. It has been the most degrading experience of my life.

Plot twist: During this process, I got a hold of another Coinbase support team who that then addmitted that they added that bogus signatory email to my Vault to lock me down. This team then went ahead to break the Vault with the lesser crypto and siezed the crypto pending "hearing from Complaince". A complete shit-show.

It's been a 5-month now with no Vault access and no response from Coinbase. I'm sharing this story as a warning and in hopes someone with power sees this. When companies grow, they become evil. It's also true what they say: Not your wallet, not your coins. Lesson learnt.

Stay vigilant out there.