How to report unauthorized transactions on my Coinbase account?

Immediate Account Lockdown Procedures

1. Log in to your Coinbase account immediately using only official domains—never via email links or third-party shortcuts.

2. Navigate to the Security tab and select “Lock Account” to suspend all trading, withdrawal, and transfer functions instantly.

3. Disable all active API keys under the API Settings section to prevent further automated access by unauthorized parties.

4. Revoke all connected OAuth applications, including wallet integrations and DeFi dashboards, from the Connected Apps panel.

5. Initiate a full device list review and sign out of all sessions except your current trusted device.

Documenting Transaction Evidence

1. Export raw transaction logs directly from the Activity page using the “Download CSV” function—do not rely on screenshots alone.

2. Capture timestamped wallet addresses involved, including both sender and recipient, with full transaction hashes visible.

3. Record the exact time zone, local time, and UTC offset for each suspicious entry to support forensic correlation.

4. Preserve browser console logs if the unauthorized action occurred during an active session—access via F12 > Console > Save as log.

5. Note whether two-factor authentication was bypassed, challenged, or absent at the time of the transaction.

Escalation Through Official Coinbase Channels

1. Submit a formal case via the Coinbase Help Center using the verified email associated with the account—no alternate emails accepted.

2. Attach all exported evidence files directly to the ticket; do not compress or password-protect them.

3. Reference your account’s 16-digit alphanumeric ID found in Settings > Account > Account Information—this is mandatory for verification.

4. Select “Unauthorized Transaction” as the primary issue category; avoid generic labels like “Security Concern” or “Account Issue.”

5. Avoid public forums or social media DMs for reporting—Coinbase does not monitor those channels for fraud cases.

Coordinating With External Entities

1. File a report with the Internet Crime Complaint Center (IC3) using your Coinbase case number and full transaction metadata.

2. Notify the blockchain explorer used (e.g., Etherscan, Blockchain.com) to flag the recipient address—some explorers accept abuse reports.

3. Contact your bank or card issuer immediately if fiat withdrawals were initiated via linked payment methods.

4. Report phishing domains or spoofed Coinbase login pages to Google Safe Browsing and PhishTank using their respective submission portals.

5. If hardware wallet seed phrases were compromised, generate new wallets offline and migrate remaining assets without reusing any prior keys.

Frequently Asked Questions

Q: Can Coinbase reverse a confirmed on-chain transaction?No. Once broadcast and confirmed on Bitcoin, Ethereum, or any public blockchain, transactions are immutable. Coinbase cannot alter or cancel them.

Q: Does Coinbase reimburse stolen funds from compromised accounts?Reimbursement is evaluated case-by-case and depends on adherence to security best practices—such as enabling SMS-free 2FA and avoiding phishing links. No blanket guarantee exists.

Q: How long does Coinbase take to respond to a fraud report?Initial acknowledgment occurs within 24 business hours. Full investigation timelines vary but typically span 5–12 business days depending on evidence completeness.

Q: What if the unauthorized activity happened after I clicked a fake Coinbase support link?Coinbase will not validate credentials entered on non-coinbase.com domains. Such incidents are classified as user-initiated credential exposure and fall outside standard fraud coverage.