Reddit link: http://redd.it/1uk37k
tuttle123's hack story: http://www.reddit.com/r/CoinBase/comments/1uk37k/coinbase_account_was_hacked_16000_stolen_3_weeks/cejcq8p
Woke up December 15th, checked my email and to my horror saw "You just sent X BTC..." and "The X BTC you just purchased..." emails in my account. In the span of 3 minutes, the hacker sent the 10 BTC I had in my account out, then made instant purchases and transactions of 5 BTC, 3 BTC, and 2 BTC.
Blockchain transactions:
~10 BTC: https://blockchain.info/address/12VvMbLGRAiBYK8fxqNNKEFA3xdapaFhJR
5, 3, and 2 BTC here: https://blockchain.info/address/1PQRoB6sK5MMDQ1WTd4awxsok24gMVSERA
I reported this to Coinbase through their ticket system. 24 hours later, they sent me some questions. I'll summarize my responses: 1. I had a complex single-use account password. 2. Was not using API, though did have iPhone mobile app. 3. Used 2FA with Authy, which never left my side.
I heard nothing from Coinbase for 3 weeks.
A few days ago I received this response:
"I'm very sorry to hear this. It appears that an attacker was able to access your account by using your API access key. While disabled by default, it's imperative that this information be stored securely once enabled. If someone obtains this number they would be able to send all of the bitcoin out of your account."
To reiterate, I didn't enable API access beyond their own mobile app. Apparently I'm out of luck. I don't believe I was particularly negligent here, and their lack of any help (even info, etc.) is very frustrating.
I'm happy to answer any questions, here or elsewhere. Advice or recommendations definitely appreciated.