If you are new to bitcoin or even if you are not, do you really want to do business with a company from which the theft of your bitcoin is this easy? Here is my true story:

A few weeks a go, my husband and I decided to make a $10,000 donation to a preschool in our town. His bitcoin investment was doing very well and we felt that we could afford the gift.

Because of the way the tax rules work regarding donations to a nonprofit, donors can avoid capital gains taxes by directly giving property rather than selling the property and then donating cash.

We contacted Rita, the director of the preschool, and let her know that we wanted to make a donation of $10,000 worth of bitcoin. She was delighted, of course. But, as she was unfamiliar with bitcoin, and using online accounts in general, she asked some colleagues about which exchange to use to transfer the money into her bank account.

She chose to open an account in her preschool’s name at Coinbase. The process of opening an account, verifying the account, and connecting to a bank account at Coinbase is a long, painful process over many days and there are lots of reasons to want to have contact with Coinbase during the process. Unfortunately, Coinbase support is almost non-existent.

However, I did not know this at the time. I assumed that a company as well known as Coinbase must have phone support. So I googled “coinbase phone support” and a number popped up. I gave this number to Rita.

It turns out that this number was a fraud. When Rita called it, a man identified himself as a Coinbase support rep and asked her to go to a special Coinbase support website where he had Rita enter her username, password, and the confirmation code texted to her phone. Coinbase, by default, requires confirmation of the computer that is being used before allowing a login. They do this by sending a device confirmation email to the email address on file for the account holder. That email must be opened on the same device as that on which the browser is accessing Coinbase. At the moment, we still don’t know how the scammers managed to get around this requirement.

The result is that the bitcoin is gone from Rita’s preschool’s account and we are left puzzled about how this was possible given Coinbase security.

The theft seems to be largely the fault of Coinbase for these reasons:

Coinbase support is schockingly bad. Even days after this theft of funds Coinbase has not responded to my emails. This lack of communication leaves their customers without the type of assurance that seems a natural part of handling other people’s money. And anxious customers are prey to scammers. They offer no telephone support. They don’t actually tell you this, by the way. They let you search their site vainly for a number until you decide to google it. If they simply announced on their site,”Note: we do not offer phone support,” this type of scam could be avoided. The lack of phone support leaves them open to exactly this type of fraud. They must certainly be aware that this type of scam is a threat to all Coinbase customers but they simply ignore it. Coinbase security was apparently designed to prevent transactions coming from untrusted devices yet the device confirmation apparently failed and Coinbase was breached. New account holders are likely to be less sophisticated customers like Rita. Coinbase, therefore, has a responsibility to have excellent security and support for those customers. Better security and/or support would have prevented this scam from succeeding.

I’m still waiting to hear something, anything really, from Coinbase. I’ve found warnings online for exactly this type of scam and I’m wondering why Coinbase has apparently not protected its customers from them. I am hesitantly accepting that our gift of bitcoin is gone, that our gift was stolen by scammers.

And I’m left feeling extremely disappointed with Coinbase.