MARLTON, New Jersey (WPVI) -- This is a warning for anyone dabbling or investing in cryptocurrency.
A South Jersey man turned to the Troubleshooters after hackers took tens of thousands of dollars of his money.
Vibhor Jain of Marlton, Burlington County, says he feels physically sick every time he thinks about his depleted cryptocurrency account.
"This is just ridiculous that this happened," he said.
Jain had been growing his Coinbase account for five years. His investments over that time were between $28,000 and $30,000.
Then last year, he received a suspicious message.
"I got some notification on my phone that said my Coinbase password is changed, and I was not able to log into my Coinbase account," he said.
Jain says within minutes, hackers used 400 transactions to drain his account.
He said an estimated $34,500 was gone.
Jain believes Coinbase should have red-flagged the transactions.
"This is a financial institution. Coinbase should have been able to check that pattern and immediately stop those transactions," he said.
As an I.T. engineer, Jain thought he did everything necessary to secure his accounts.
But Jain later learned his personal information had been compromised in two separate data breaches involving Coinbase and his cell phone carrier.
He says he didn't get notification of either one.
"They should have made sure that all the accounts should change their passwords. Enforce that," Jain said.
Chris Pierson, founder and CEO of cybersecurity firm BlackCloak, said creating a long, complex password is critical.
Ideally it should be a sentence or phrase only you can guess.
"Making sure that password for your crypto account is not one that is used on any other account is going to be of vital importance," said Pierson.
If it's difficult to remember, Pierson suggests using an encrypted password vault.
Also make sure you have an extra layer of authentication to get into your account.
"Dual-factor authentication is going to be either an SMS code that's texted to your phone, or you have some type of authenticator," he said. "Could be an actual token that you insert into the computer to do the transaction or an actual authenticator app."
And never accept any unsolicited offers you receive via text, email or phone call to get involved in cryptocurrency.
Experts say if you already have a crypto account, do not accept any incoming requests asking you to provide information.
The Troubleshooters did reach out to Coinbase on Jain's behalf, and Jain said while he can't divulge the details, he is pleased with the outcome after the Troubleshooters got involved.
Coinbase told the Troubleshooters they can't speak about Jain's case specifically due to confidentiality.
However, they did issue a statement on security and customer care in general.
"Coinbase takes extensive security measures to ensure our customer accounts remain as safe as possible. In addition to educating our customers on best practices for securing their Coinbase accounts, Coinbase has a dedicated fraud investigations team and policy to ensure specialized support for our customers. We also began rolling out phone support specifically for ATOs in August of 2021, and delivered global phone support for all customers, and live messaging late last year.
When issues occur, we work directly with customers to resolve them. We are not able to share details about Mr. Jain's account due to customer confidentiality. In most cases, Coinbase does not cover any losses resulting from unauthorized access to Coinbase accounts due to a compromise of a customer's login credentials, which is often the cause of account takeovers.
We acknowledge that these are terrible crimes that can have a significant impact on consumers. With more and more of our personal information available online, it is increasingly important for consumers to understand how to protect their personal email accounts and cell phones from unauthorized third parties. Once a third party gains access to a consumer's email or phone, that consumer's other online accounts may also be at risk. That is why Coinbase regularly works to educate our customers about how to protect their personal email accounts and phones -- it is the most important thing they can do to prevent unauthorized access to all of their online accounts, not just Coinbase.
We encourage all our customers to take important steps to secure their online accounts. You can see an overview below and the full details in our Help Center.
Use a strong unique password for each of your online accounts
Do not store API key data in a public space or forum
Ensure all financial accounts and email have 2FA (two-factor authentication) enabled, preferably using a TOTP code generator (Time Based One-Time Passcode)
Regularly sign out of your Coinbase account
Ensure your mobile device carrier has additional security features enabled for your cellular account."