Coinbase Exchange steps up to prevent credential stuffing

Matt Muller, Head of Trust Operations at Coinbase, blogged on 10 April about a new layer of security introduced to prevent ‘credential stuffing’ attacks.

Matt opened by noting the rise of data compromises and increasingly advanced phishing websites. He indicated that a user’s password may be floating around in a portal that could easily fall prey to hackers. Matt added that credentials obtained from one website may be tried on other websites to gain unlawful entry. This is termed ‘credential stuffing’.

To prevent such attacks, Matt described the new Coinbase feature as follows:

“Starting today, however, our Security team will notify you if we find your email address and password in a data breach or credential dump from another website, and will proactively lock your account if that email/password combination is currently valid for your Coinbase account. This gives you the opportunity to change your credentials before they can be used against you.”

Matt said that Coinbase had already put multiple tiers of security in place to thwart such attacks. He noted that these lines of defence go unnoticed by customers. With the new feature, however, there is a level of interaction between the customer and their Coinbase account. Users would be prompted in a timely manner and their account would be safeguarded.

Matt continued by explaining how Coinbase achieves this. He introduced the term ‘hash’, a function that converts a plain-text password into gibberish. When a user logs in, their password is converted to a hash and validated against the stored value. When a security breach occurs, the exposed email and password are validated against existing Coinbase accounts. If there is a match, the user account is locked and thereby protected.
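The check described above, sketched as an added example that is not Coinbase's code: each leaked plain-text password is re-hashed with the matching account's stored salt and compared with the stored hash, so the service never needs its users' passwords in clear text. The hash function (PBKDF2), the `AccountStore` class, its method names and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash; only this value and the salt are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccountStore:
    """Hypothetical in-memory account table keyed by lower-cased email."""

    def __init__(self):
        self.accounts = {}

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)
        record = {"salt": salt, "hash": hash_password(password, salt), "locked": False}
        self.accounts[email.lower()] = record

    def verify(self, email: str, password: str) -> bool:
        """Login-style check: re-hash the candidate with the stored salt."""
        acct = self.accounts.get(email.lower())
        if acct is None:
            return False
        candidate = hash_password(password, acct["salt"])
        return hmac.compare_digest(candidate, acct["hash"])  # constant-time compare

    def process_breach_dump(self, leaked_pairs):
        """Lock every account whose leaked email/password pair is still valid."""
        locked = []
        for email, password in leaked_pairs:
            if self.verify(email, password):
                self.accounts[email.lower()]["locked"] = True
                locked.append(email.lower())
        return locked

def demo():
    store = AccountStore()
    store.register("alice@example.com", "correct horse battery")  # reused elsewhere
    store.register("bob@example.com", "unique-to-this-site")
    # Constructed sample of a credential dump from another website.
    dump = [("Alice@example.com", "correct horse battery"),
            ("bob@example.com", "old-forum-password"),
            ("carol@example.com", "hunter2")]
    return store, store.process_breach_dump(dump)
```

Only the account whose leaked pair still verifies is locked; a leaked email with a stale password, or one with no account, leaves the store unchanged.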


Recently, Coinbase shared key elements of the comprehensive crypto insurance program adopted at the digital exchange. The report said that even after news articles covered details of insurance for cryptocurrency companies, much ambiguity remains. The blog attempted to clear this up by setting out Coinbase’s approach to insurance.

Matt concluded by offering help to customers who remained doubtful or had concerns. Such customers could get in touch with the team directly via the shared email address. He emphasized Coinbase’s outreach to share vital information related to security. Matt added that through such activities, Coinbase endeavoured to keep its customers and the crypto community as safe as possible.