Phone-based attacks

What is a phone-based attack?

A phone-based attack (also known as SIM-swap or phone-port attack) is when an attacker has their target's phone number transferred to a mobile device under the attacker's control. Fraudsters do this through a variety of means, including identity theft and socially engineering mobile-carrier customer-support representatives. This type of attack is a threat to all accounts using SMS-based 2-step verification and any account that can be recovered using phone-based authentication.

How can I prevent a phone-based attack?

To help protect your Coinbase account from this type of attack, we highly recommend using a stronger form of 2-step verification, such as Universal 2nd Factor (U2F) with a security key or Time-based One Time Password (TOTP) with a mobile authenticator app like Duo or Google Authenticator. Learn more about keeping your Coinbase account secure.