Cryptocurrency exchange Coinbase Inc. is reported to have been making repeated unauthorized charges against customer bank accounts on the same day that IBM Corp.’s X-Force security team reported that hackers were targeting a cryptocurrency exchange.

IBM said it was a two-tier attack that hijacked bitcoin and credit card details, allowing hackers to make cryptocurrency purchases in the name of customers.

The drama involving the overcharging first appeared on Reddit, with customers claiming that after making cryptocurrency purchases, Coinbase subsequently made multiple charges against their account after the initial debit. Some claimed that they’d been charged five times by Coinbase. One user claimed he experienced 50 duplicate charges amounting to $67,000 and was preparing to take legal action.

Others complained that not only had they been overcharged by Coinbase, but they’d also been hit by overdraft charges as well. “So I spent $300 on some bitcoin, ether and litecoin purchases on Feb. 9th,” one user wrote. “I was charged $300 across the 3 transactions. Then days later, each of those transactions was repeated 5x as Withdrawal transactions instead of POS. I CAN NO LONGER STAY CALM. It’s been over a week with nothing but a canned response to my ticket. My bank account went from very comfortable to negatives balance, not to mention extra $5 charges, and overdraft fees. As a result my rent check bounced, and my bank went further into negative for a NSF charge for $25. My landlord is not a nice person and is on my CASE and I have nothing to offer him. I am FREAKING OUT.”

Coinbase admitted that some users have been overcharged, but it blamed Visa Inc., saying that “we have determined that the erroneous credit and debit charges are the result of Visa reversing and recharging transactions. This was not done by Coinbase. We are working with Visa to ensure all affected customers are reimbursed.”

It may well be an issue with Visa, but if it is, why is it only limited to Coinbase customers? Why are we not seeing customers from other companies complaining about this issue?

The alternative is that Coinbase may have been hacked. In a report this morning on the new version of the TrickBot malware, IBM X-Force said that the team behind the malware was focused on one particular exchange, unnamed by the researchers but said to allow for the purchase of bitcoin and Bitcoin Cash by credit card. The very same team behind TrickBot had previously been named as targeting Coinbase in August last year.

TrickBot uses web injections to steal the target asset, in this case picking up both bitcoin and credit card details. That means that the “cybercriminals can empty existing cryptocurrency wallets, make additional exchange purchases as the victim, and use the credit card information for whatever else they desire,” an X-Force spokesperson told SiliconANGLE. That some customers had multiple charges hit against their cards certainly does suggest hackers may have been making additional purchases after obtaining access to user accounts.

Photo: Pexels