Learning & Information

Partnerships

What to Do If Your Google Account is Compromised

Feb 4, 2026 | 3 min read

This is a post in collaboration with Coinbase. Your Google account is often the gateway to your exchange accounts—whether you use it for login authentication, two-factor verification, or as your primary email for account recovery. Follow these step by step instructions to prevent persistent access by the threat actor, which could lead to lost accounts, scams, and further damage.

This is a post in collaboration with Coinbase, please see the original blog post here .

Key Takeaways for Coinbase Users

✅ Your email is your crypto's first line of defense—secure it like you secure your wallet

✅ Never share 2FA codes with anyone—not via phone, email, or text. Google and Coinbase will never ask for them

✅ Use unique passwords for your email and Coinbase accounts. Consider a password manager

✅ Enable hardware security keys on both Google and Coinbase for maximum protection

✅ Stay vigilant: Review your account activity regularly and report suspicious behavior immediately

Why This Matters

Your Google account is often the gateway to your Coinbase account—whether you use it for login authentication, two-factor verification, or as your primary email for account recovery. If a threat actor gains access to your Google account, they may attempt to:

• Reset your Coinbase password
• Intercept 2FA codes sent to your email
• Access recovery information for your Coinbase account
• Bypass security measures and gain unauthorized access to your crypto assets

Taking immediate action to secure your Google account is critical to protecting your Coinbase holdings.

Immediate Action Steps

1. Change Your Google Account Password Immediately

• Navigate to myaccount.google.com/security
• Select Password under "How you sign in to Google"
• Create a strong, unique password (minimum 12 characters with uppercase, lowercase, numbers, and symbols)
• Never reuse this password on any other site, including Coinbase

⚠️ Pro Tip: If you can't log in, use Google's Account Recovery to regain access.

2. Sign Out of All Devices

• Review recent activity at myaccount.google.com/device-activity
• Sign out of any unfamiliar devices or all devices as a precaution
• Complete the Security Checkup

3. Check for Email Forwarding and Client Connections

This is critical for Coinbase security: Attackers often set up email forwarding rules to intercept password resets and 2FA codes.

• In Gmail, go to Settings → See all settings → Forwarding and POP/IMAP
• Check Forwarding for any unauthorized email addresses and delete them
• Under POP Download, select Disable POP
• Review Filters and Blocked Addresses for suspicious auto-forwarding rules

Why this matters: If an attacker forwards your emails, they can intercept Coinbase security notifications and password reset links.

4. Revoke Third-Party App Access

• Visit myaccount.google.com/security
• Review "Third-party apps with account access"
• Revoke access to any unfamiliar or non-essential apps
• Check detailed permissions at myaccount.google.com/permissions

5. Reset Your Two-Factor Authentication (2FA)

Since an attacker may have compromised your authenticator:

a) Temporarily disable 2FA:

• Go to myaccount.google.com/security
• Under "2-Step Verification," select Turn off

b) Re-enable 2FA with fresh credentials:

• Set up a new 2FA method—do NOT reuse previous QR codes
• Recommended options:
  • Google Authenticator (fresh setup)
  • Hardware security key (YubiKey)
  • Google Prompt on a secure device

🔒 Coinbase Recommendation: Use a hardware security key for both your Google and Coinbase accounts for maximum protection.

6. Update Account Recovery Options

• From myaccount.google.com/security , verify:
  • Recovery email address
  • Recovery phone number
• Ensure these are current, secure, and not compromised

7. Secure Accounts Linked via Google Sign-In

If you use "Sign in with Google" for Coinbase or other services:

• Visit myaccount.google.com/permissions
• Revoke access and reset passwords on linked accounts
• For Coinbase specifically: Log in directly and change your password, even if you use Google sign-in

8. Review Your Coinbase Account Security

After securing your Google account, immediately check your Coinbase account:

• Change your Coinbase password
• Review recent activity and transactions
• Verify all 2FA methods are still under your control
• Check withdrawal addresses for any unauthorized additions
• Review API keys and revoke any you don't recognize
• Enable address whitelisting if not already active

🔗 Visit: Coinbase Security Center for additional protection options.

9. Enable Enhanced Google Security Features

• Turn on Enhanced Safe Browsing at myaccount.google.com/security
• Consider enrolling in Google's Advanced Protection Program if you're a high-value target

10. Report the Incident

• Report to Google: support.google.com/accounts/contact/compromised
• If you suspect unauthorized Coinbase access, contact Coinbase Support and zeroShadow immediately