I was just posting that as an example of a bank account being drained to buy crypto which is then immediately transferred to another wallet.
That post doesnāt substantiate any of the things youāre claiming though, specifically that the bank account was ādrainedā or that those funds were transferred and made available immediately. The poster answered no questions, instead opting to make several similar āwarningā posts elsewhere, two of which were deleted as spam. So surely you can see what we mean about these cases having a high rate of flakes who canāt (wonāt) provide a set of facts that totally add up.
Ok fine but the dealer and my friend said their BofA/Paypal account was drained to buy crypto, and then that crypto was transferred to another wallet. Others itt have also said they think this is possible. No one is saying that actual money was taken off the site like via cash out. Itās all about transferring the crypto to the hackerās wallet.
People can fudge about how they were hacked. But if there was no point draining someoneās BofA or Paypal to buy more crypto, I doubt the hackers would be doing it. And I doubt people are just lying about something as binary as that. My friend was aware of the hack almost as soon as it started. He didnāt find out about it a week later. When your phone stops working you tend to notice pretty quickly.
I can say my dealer friend is not particularly knowledgeable tech-wise and couldnāt answer some basic questions, almost certainly because he doesnāt know rather than because heās being evasive. Heās just another guy clicking buttons, treating crypto and stocks as a way to gamble.
I just want to know if there is any info he can ask for so someone can trace activity of whatever wallet his funds were transferred to.
I must be misunderstanding you because the answer is, āyeah of course.ā All transfers are viewable on the blockchain.
Phishing scams can be elusive and is more than just not just clicking on an email that saying "giantwetpussy:)4324. Banks arenāt obligated to reimburse you when your debit card that never left your wallet is being used at a costco in Florida but they always do because there is no way that it can be fully avoided from all threats.
Like, threats could be like this and far less obvious than it.
I know itās possible to track, given sufficient data. I donāt know if Coinbase will give him the info or if he can find it on his own within his account. I donāt know if someone who can hijack an account can delete this to make it harder.
Heās certainly not the kind of person to do record keeping of info that would help.
Your full transaction history is readily available on Coinbase, and every other exchange.
User icon ā Reports
I donāt think anyone here is claiming or even insinuating that they are lying. We just want accurate details, because it would be nice to know if they are saying the scammers found some way to bypass the funds being in jail. That would be a pretty huge deal.
Maybe @surf can fill us in. Assuming the bank account has already been established, does a new transfer from the bank to coinbase alway stay in jail, and is not available to purchase crypto immediately? If newly transferred funds are available to purchase crypto, is that crypto somehow segregated and not allowed to be transferred to another wallet?
Hereās what my friend posted a couple days after the attack:
Assuming the bank account has already been established, does a new transfer from the bank to coinbase alway stay in jail, and is not available to purchase crypto immediately?
Jail isnāt a purchase hold, itās a cashout hold. You canāt reload with ACH, buy crypto, and then dump that off Coinbase immediately. That is always subject to a holding period. So we need to know some specific things here. Did the scammers use an ACH transfer or some other method (wire) and how long did this process take?
Iām just guessing here, but it seems like theyād almost have to take control of your bank account to ādrainā it. If they donāt, then a wire would be impossible, limiting them to ACH. In that case, theyāre guessing how much money is available to drain while also being subject to the hold. Like, letās say you have $500 in your checking account and the scammers try to initiate a $25,000 ACH deposit into CB. What happens in that case?
If you all were wondering what a Florida SIM swapper looks like, hereās your man:
US Attorney Duane Evans said that Defiore was sentenced on October 19 and will serve three months probation, a year of home confinement, and must perform 100 hours of community service.
The SIM-swapper must also pay a $100 fee and $77,417.50 in restitution. The SIM-swapper must also pay a $100 fee and $77,417.50 in restitution.
Lol year of home confinement during a pandemic and pay back some of the money you stole. Itās nice work if you can get it.
If the bank account itself was compromised (this isnāt perfectly clear but I think thatās what heās saying), then do we even know if the account was used to buy crypto on his Coinbase account? If I have direct access to your bank account Iām not going to bother adding a step where the money goes into your Coinbase account first, Iām directly loading up my own account at ShadyExchange.ru.
Juggalo in a cotton candy onesie is exactly who we thought they were.
A fat more white-trash-y Travis Kelce?
At no point have I ever said that the hacker cashed out from coinbase. The attacker used an ACH to buy my crypto, then transferred that crypto to another wallet. Iāve been very clear about that. You guys are the ones who keep bringing up cashout jail.
I think they did have access to his checking account as well (through text-password reset), which is how they knew how much they could drain.
The hacker was already in his coinbase account and transferred all of his existing crypto to another wallet. That was the first thing that happened.
So once the hacker knows that works, the path of least resistance may be just do an ACH from the trusted, already linked bank account, buy more crypto, then transfer that crypto to the same wallet.
Coinbase doesnāt put the funds in your account until the ACH is settled, which typically takes 3-5 business days. So Iām not sure how they could immediately drain bank via ACH.
"The ACH bank transfer system is used for payments with your bank account and typically takes 3-5 business days* to complete after initiating a purchase. The timing will be displayed prior to confirming your order.
You may see the funds immediately debited from your bank account when you initiate the transfer, but they will not be transferred to your wallet until your payment has finished moving between the banks and clears in our bank account."
Iām pretty sure the only way to instantly move funds vis ACH is to initiate the transaction from the bank and not Coinbse (i.e. a push ACH vs. a pull ACH). Push ACH transactions can be done the same day, but a pull ACH transaction has to wait at least one day to be processed.
https://www.nerdwallet.com/article/banking/ach-transfers
āFinancial institutions can choose to have ACH credits processed and delivered within the same day, or in one to two business days. In contrast, ACH debit transactions must be processed by the next business day. These timelines are based on rules from the National Automated Clearing House Association, or NACHA, the trade group that oversees the network. Upon receiving the money, a bank or credit union might also hold these transferred funds for a period of time, so the total delivery time varies.ā
So by rule a pull transaction (or debit) canāt be processed for at least one day (and sounds like Coinbase may place additional hold on ACH pull transactions).
Based on this, it sounds like the hacker had access to both his Coinbase account and his bank account (in order to do a same day ACH to Coinbase). He could have drained the bank account any way he wanted, but did so via the Coinbase account as that was easier.
Thus, unless Iām missing something, hacking your Coinbase account does not allow someone to immediately drain your bank account - unless youāve also hacked that bank account.
If the guyās bank account got compromised then Coinbase is irrelevant to it being drained. This is exactly the sort of detail people were suggesting might be missing from the story. All the crypto stuff is a red herring.
At no point have I ever said that the hacker cashed out from coinbase. The attacker used an ACH to buy my crypto, then transferred that crypto to another wallet.
Weāre not saying the scammer literally made a cash withdrawal from Coinbase to his linked bank account. That would be one of the dumbest things you could ever possibly do. Weāre talking about moving the coins off of Coinbase. The holding period on all of it is the same if you make an ACH buy.