Coinbase API Key
Service Name: Coinbase
Service Description: Coinbase is a secure online platform for buying, selling, transferring, and storing cryptocurrency. It provides APIs for developers to build applications that can interact with the Coinbase platform.
Service Address: https://www.coinbase.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the API settings of your Coinbase account.
Secret Access Scope: Grants programmatic access to Coinbase services including account information, cryptocurrency transactions, payment methods, and other Coinbase resources depending on the permissions granted to the API key.
Secret Revokement URL: https://www.coinbase.com/settings/api
Secret Example: 2c2e97f914fcb338fa418ebb8b9e1228
Suspicious Activity Investigation Instructions:
- Review the Coinbase account activity log for unauthorized transactions or suspicious activities.
- Check API access logs to identify unusual API calls or access patterns.
- Monitor for unexpected cryptocurrency transfers or account changes.
- Verify if there were any recent login attempts from unfamiliar locations or devices.
- Check if any new API keys were created without authorization.
Mitigation Instructions:
-
Log in to your Coinbase account and navigate to Settings > API.
-
Locate the compromised API key and click "Delete" to revoke it immediately.
- Create a new API key with appropriate permissions if needed.
- Enable two-factor authentication (2FA) if not already enabled.
- Consider restricting API access to specific IP addresses.
- Review and adjust the permissions granted to any remaining API keys.
- Change your Coinbase account password as an additional security measure.
- Monitor your account for any suspicious activity for several days after the incident.