This is a zero-day exploit of Coinbase Pro, as far as I understand.
I emailed Support and cautioned them that I would release it if they didn't repair it, and they did not respond.
Anyone sniffing traffic on the open web can quickly collect individual information about Coinbase Pro deals, including:
quantity of BTC
Of course, when chain analysis businesses get the receive address, they can reveal far more information, including other holdings and counterparty addresses.
The key here is to understand the following about the e-mail protocol: on the web, the e-mail addresses and the subject line of an e-mail appear as clear text, unencrypted!
Here is how it works:
1/ A Coinbase client purchases Bitcoin on Coinbase.
2/ Like all great bitcoiners, as quickly as possible, they send their bitcoin to a self-custody wallet.
3/ When you take that action, Coinbase Pro e-mails you with the subject line including the BTC amount and receive address.
4/ Anyone monitoring network traffic can see in plain text your e-mail, your BTC and your wallet address.
With this information they can search the web for sources connecting your e-mail to your name, address, and contact number.
I always understood Coinbase was scammy; however, this is criminal carelessness.
Are they doing it to tee up information for the chain analysis business they buy or for a backdoor earnings stream from the federal government? I don't understand.
But I understand this is beyond "don't use it because they sell shitcoins" area and well into "don't use it unless you want to be attacked" area.
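
As an added example (not from the original post and not Coinbase's code): a pre-send check that a notification service could run on outgoing messages, flagging a Subject header that carries a BTC amount or a Bitcoin address, the two fields step 3 describes. The function names, finding labels and sample messages are constructed for illustration; legacy addresses are confirmed by their Base58Check checksum, bech32 addresses by pattern only.

```python
import hashlib
import re
from email import message_from_string
from email.header import decode_header, make_header

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
LEGACY_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
BECH32_RE = re.compile(r"\bbc1[02-9ac-hj-np-z]{11,71}\b", re.I)  # pattern only
AMOUNT_RE = re.compile(r"\b\d+(?:\.\d{1,8})?\s*BTC\b", re.I)


def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    if any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return len(raw) == 25 and digest[:4] == raw[21:]


def audit_subject(raw_message):
    """Return sorted finding labels for the Subject header of an RFC 5322 message."""
    msg = message_from_string(raw_message)
    # MIME encoded-words (=?utf-8?q?...?=) are an encoding, not encryption:
    # decode them first so they cannot hide a match.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    findings = set()
    if any(base58check_ok(a) for a in LEGACY_RE.findall(subject)):
        findings.add("btc-address")
    if BECH32_RE.search(subject):
        findings.add("btc-address")
    if AMOUNT_RE.search(subject):
        findings.add("btc-amount")
    return sorted(findings)


# Constructed sample messages; the address is the widely published
# genesis-block address, used here only as checksum-valid sample data.
SAMPLE_LEAKY = ("From: no-reply@exchange.example\nTo: user@example.org\n"
                "Subject: You sent 0.25000000 BTC to "
                "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa\n\nDetails inside.\n")
SAMPLE_SAFE = ("From: no-reply@exchange.example\nTo: user@example.org\n"
               "Subject: Your withdrawal has been processed\n\n"
               "Sign in to view the details.\n")

if __name__ == "__main__":
    for name, sample in (("leaky", SAMPLE_LEAKY), ("safe", SAMPLE_SAFE)):
        print(name, audit_subject(sample))
```

A message that produces any finding should have its subject replaced with a generic line and the details moved behind an authenticated session.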