SAN DIEGO, Calif. (KGTV) - When Anwar Husain accessed his crypto savings account last Tuesday morning, he did a double take.
“I honestly felt numb. I don’t even know how this was possible. I still can’t process all the emotions,” said Husain.
“That's when I noticed $1.2 million dollars missing,” he added.
More than a year ago, Husain and his brother, poured their savings into an account with crypto exchange platform Coinbase.
The disappearing act was a confusing one, highlighted by a staggering amount of trades.
“It was 11,000 trades that happened in a five-hour period,” said Husain.
Such high-volume transactions have been hallmarks of crypto hacks in recent years.
Husain says in the transactions, his high-value coins were traded for lesser-value coins.
Once converted into these lesser coins, experts say hackers could flood the market, dump the coins and manipulate prices for profit, or they could sell the lesser-value coins to themselves.
“They could have just taken all the coins in my portfolio at a loss, or at a discount,” said Husain.
However it was done, the money appears to be gone. Husain and his brother, who co-founded Smashtech, a marketing firm for health and wellness brands, use the funds to support the business.
“We thought it was safe … really taken me for a whirlwind. It’s just been an absolute kick in the gut,” said Husain.
Husain says Coinbase told him they're looking into the matter and the FBI has reached out to him in the last week.
“Just trying to maintain some composure through this, and the belief that some resolution will come from it in the end,” said Husain. “I also want others to know this could happen to anyone.”
The FBI says they can't comment on active investigations.
In a statement, Coinbase says the user’s API key was compromised, which allows third-party apps and services to access accounts to streamline trading.
“Coinbase takes extensive security measures to ensure our customer accounts remain as safe as possible. In addition to educating our customers on best practices for securing their Coinbase accounts, Coinbase has a dedicated fraud investigations team and policy to ensure specialized support for our customers. We also offer global phone support for all customers, and live messaging.
The user had Application Programming Interface (API) keys compromised. We have contacted the account holder and forwarded the case to a specialist to review the account for reimbursement under the Coinbase One Account Protection program.
You may learn more about Coinbase One Account Protection Program here: https://help.coinbase.com/en/coinbase/other-topics/coinbase-one/account-protection [help.coinbase.com]
We acknowledge that these are terrible crimes that can have a significant impact on consumers. With more and more of our personal information available online, it is increasingly important for consumers to understand how to protect their personal information from unauthorized third parties.
We encourage all our customers to take important steps to securing their online accounts. You can see an overview below and the full details in our Help Center. [help.coinbase.com]
- Ensure all financial accounts and email have 2FA (two-factor authentication) enabled, preferably using a TOTP code generator (Time Based One-Time Passcode) or hardware 2FA key (like a Yubikey).
- Use a strong, unique password for each of your online accounts. Use a password manager like LastPass, 1Password, or Dashlane to easily generate and securely store unique passwords for all your online accounts.
- Do not store API key data in a public space or forum.
- Ensure your mobile device carrier has additional security features enabled for your cellular account such as your personal account PIN.
- Do not share personal banking information with any unknown third party
We recommend our users take the same, protective steps for all of their accounts."
This story was originally reported by Michael Chen on 10news.com.