Coinbase security vulnerability caused huge leak in user information

At the end of February, Shubham Shah warned in a blog post that a bug could cause huge harm to Coinbase, the world's most popular Bitcoin exchange platform. It now seems that hackers have exploited the security vulnerability Shubham warned Coinbase about 4 months ago: hundreds of users are reporting on Reddit that they are receiving phishing emails from Coinbase asking them to make transactions to other users.

The exploit works as follows: the request money feature can be used to check hundreds of thousands of email addresses, and since there is no limit on the number of requests you can send, hackers have submitted thousands of addresses to see which ones belong to people with a registered Coinbase account. Those people can then be targeted with phishing attempts.

“Before you get the impression that this isn’t a security flaw in itself, please let me explain.

Phishers can use this flaw for serious harm. I believe it is a security issue on Coinbase, which will merely assist mass, targeted phishing.”

Shubham used the exploit himself, which allowed him to extract 400 email addresses together with their owners' first and second names. When he contacted Coinbase, they said the following:

“We are not considering account existence bugs to be high enough severity for our scope.”
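The two gaps described above, an unlimited number of requests and a response that reveals whether an address has an account, can be closed on the server side. The following is an added example, not Coinbase's code or anything from Shubham's post; the class name, the thresholds and the in-memory stores are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 3600      # assumed look-back window
MAX_NEW_RECIPIENTS = 20    # assumed cap on distinct recipients per sender per window

UNIFORM_OK = {"status": 202,
              "body": "If this address can receive requests, it has been notified."}
THROTTLED = {"status": 429, "body": "Too many requests, try again later."}


class RequestMoneyGuard:
    """Hypothetical handler for a 'request money' feature that resists enumeration."""

    def __init__(self, registered_emails, now=time.time):
        self.registered = {e.lower() for e in registered_emails}
        self.now = now                    # injectable clock, so the limiter can be tested
        self.seen = defaultdict(deque)    # sender -> deque of (timestamp, recipient)
        self.outbox = []                  # stand-in for the real mail queue

    def _recent_recipients(self, sender):
        """Drop entries older than the window and return the distinct recipients left."""
        q = self.seen[sender]
        cutoff = self.now() - WINDOW_SECONDS
        while q and q[0][0] < cutoff:
            q.popleft()
        return {recipient for _, recipient in q}

    def request_money(self, sender, recipient, amount):
        recipient = recipient.strip().lower()
        recent = self._recent_recipients(sender)
        # Repeat requests to a known contact pass; only *new* addresses count
        # against the cap, which is what a bulk address check needs many of.
        if recipient not in recent and len(recent) >= MAX_NEW_RECIPIENTS:
            return dict(THROTTLED)
        self.seen[sender].append((self.now(), recipient))
        # The account lookup only decides which mail is queued. The caller gets
        # the same body either way, with no owner name and no "no such user".
        kind = "request" if recipient in self.registered else "invite"
        self.outbox.append((kind, recipient, amount))
        return dict(UNIFORM_OK)
```

A production version would also need to keep response timing uniform and track the limit per IP address or device as well as per account, since a throttled sender can simply open more accounts.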

About the Author

Hello, my name is Niels Bosch and I am the founder of AmongTech. Currently living in the South of Spain. My main interests are web development, playing video games once in a while, Apple, Marketing and SEO. I am currently studying Business administration, Networking & Security and Database management and will be doing so for the next year.


  1. This is disturbing and the response from Coinbase is irresponsible. I actually applied for a remote customer service position with them and made it to the final call. I was cut, but trust me – I would not have typed in such a moronic reply. Coinbase is a great company, but the attention spent to attracting their top talent at the expense of the nuts and bolts portion of the operation is a flaw and this is the reason. Thank you for bringing this to the community's attention.

    1. Completely agree on the fact that the response from Coinbase is BS. Thanks for the kind comment :-)
