I first got introduced to Bitcoin in 2014. As a college kid, with no money to his name, acquiring bitcoin would remain a pipe dream until 2016. I was preparing for my final college exams and my dissertation. I received some money ($260) from my parents to enable me do my research. I managed to do this so cheaply that I had a $160 savings when it was all over. Great I thought. I had been trying my hands at startups since 2012 and nothing had worked out so far. I viewed the remaining $160 as my last shot - an investment - at winning. But first, I needed to invest this money until I had my next startup idea. That was how I was introduced to Coinbase.
Getting started on Coinbase
Fast-forward to November 2022. The FTX cancer had been cleared and I believed crypto was ready to thrive. I was now a successful startup founder (by bootstrapped standards) and decided to put some money aside in crypto as part of a portfolio diversification strategy. I contacted a very reputable OTC desk in my country and made a purchase of 6 figures worth of USDC. With the right investments, this would turn into a healthy sum in future I hoped. At the Coinbase HQ, a new plan was hatched almost simultaneous - to steal - from me.
After the transaction was completed, I transferred some money to Binance and purchased a bit of ETH (90%) and SOL (10%). With safekeeping in mind and not desiring to go through the hassle of setting up a Cold wallet, I choose the next best thing - Coinbase Vault. As part of the setup for Coinbase Vault, I choose 2 email addresses as signatories to the account - emails belonging to I and my wife. I transfered the ETH to the vault and staked the SOL. All on Coinbase.
The Coinbase Nightmare begins
Not long after I completed the process, I needed to withdraw some ETH and stake it. I logged into Coinbase and tried to access my Vault. A popup appeared claiming to have sent me an OTP that must be entered to access my Vault. I ransacked my email and phone messages but discovered nothing. As an engineer, I logged into my Coinbase account on desktop, only to discover that there was some kind of CSS/JS preventing me from accessing th button that sends the OTP itself. I chucked this up to some kind of temporary bug and went about my daily business. From time to time, I'd login to see if the bug had been fixed. Each attempt was unsuccessful.
Fast forward to August this year. I suddenly received an email that my region will no longer supported by Coinbase going forward. The email advised there might be a KYC option in the coming weeks which could allow me to keep using Coinbase. Some weeks later, I received another email from Coinbase directing me to complete an extensive KYC process. I jumped at this opportunity and completed the KYC process before long. I could now put this whole business of Coinbase not supporting my region behind me.
Unfortunately, it would not be so.
The Curious Case of the Vault
After the KYC process, Coinbase was now at the center of my mind. I had a number of ETH sitting idle in the vault and I decided to stake it immediately. I logged into my account. This time, I could see the option to request the OTP. OTP sent and received, I successfully logged into my vault - the first time in almost a year. To my utmost surprise, I discovered a brand new signatory to my Vault - Trudey Schucker (d******@gmail.com). My panic attacks finally returned. My first guess was that I had been hacked. In between heart palpitations I reached out to Coinbase support via a form on the website. After filling out the form, I got an auto-response email from Coinbase that my region was not supported thus I was not entitled to support. I Googled ferociously for their direct email handle and once again, sent them an email. They automatically created a CaseID (Case# 16774189) for the issue. Finally, some respite, I hoped. 2 days later, I got a reply from Coinbase - "Coinbase will only offer self-help customer support in your region" or in other words, "Coinbase does not owe you support". When I tried sending further messages, I go another auto-response - "This case has been closed and cannot be reopened."
Coinbase Compliance enters the picture
A day later, I got the following email from Coinbase Compliance:
My first reaction was that it was a phishing email of some sorts. All doubts were cleared when 5 days later, I got a reminder from Coinbase Compliance to forward all the requested documents or my account will be closed. To be clear, I had done 100s of KYC in my short lifetime but what Coinbase was asking for was unprecedented. Nevertheless, I decided to go along and provide all the requested documentation which was akin to a colonoscopy - from banking statements, to business documents and invoices, to private conversations, to Brokerage statements, to Transaction histories at other Exchanges, etc. I gave it all up. I also mentioned the issue with the Vault multiple times because I believed that since I was emailing with a real human, it was worth a shot. 2 days after the completion of the Coinbase colonoscopy, I received the following email:
My account is to be shut down in 8 days.
Goodbye Crypto!
Yesterday, I logged in again and tired to move my funds from the Vault but once again, the fake signatory prevented access. Finally, I Googled "unathorized email on coinbase vault" as I now believed the issue stemmed from Coinbase. Holy cow. Reddit was awash with this issue of Coinbase adding an unauthorized email to Vaults going as far back as 6years ago - here; here; here and here. In 8 days, Coinbase will close my account and I will lose a significant sum of money because Coinbase added their own signatory to my account, prevented me from withdrawing my money and closed my account to hide the trail. It's the cleanest scam there is.
It all finally made sense.
I had been conned.