I did not know how vulnerable SMS based 2FA is. A SIM swap attack left my Coinbase account open to access after a password reset. The hacker attempted a purchase of $30,000 of BTC. I’m not sure if they took my other assets, exchanged them for BTC, or just took as much as they could of the pending purchase. In the 2 weeks it took Coinbase support to respond to my request for assistance in regaining access to my account, I believe Coinbase liquidated my assets to pay for the failed purchase.
I lost about $8,500.
I’m responsible for the rest of the payment, which is $5,700. I’m not paying it and will never use Coinbase again.
It could have been avoided if Coinbase took a great feature from [Binance.US](https://Binance.US) and temporarily disabled withdrawing after a password change. I hope they add that feature for others who are brave enough to still use Coinbase.
Please learn from my mistakes. Use something better than SMS 2FA, and don’t keep assets in exchanges.