What is a phone-based attack?
A phone-based attack (also known as SIM-swap or phone-port attack) occurs when an attacker has their target's phone number transferred to a mobile device under the attacker's control. Fraudsters are able to do this through a variety of means, including identity theft and socially engineering mobile-carrier customer support representatives. This type of attack is a threat to all accounts using SMS-based 2-step verification and any account that can be recovered using phone-based authentication.
How can I prevent a phone-based attack?
To help protect your Coinbase account from this type of attack, we highly recommend utilizing a stronger form of 2-step verification such as Universal 2nd Factor (U2F) with a security key or Time-based One Time Password (TOTP) with a mobile authenticator app such as Duo or Google Authenticator. To learn more about keeping your Coinbase account secure, please reference this help article.