ajross 5 days ago
> — never give out codes sent to use via sms or push notifications to someone requesting them via phone or email. Never. The messages often even say that!

I tried making this point downthread but it bears repeating higher up. Per OP, this was an account with Authenticator enabled. If you have a working authenticator setup, they aren't going to "ask for a code", since by definition you're already authenticated. And while I'm no expert, I really don't think there is such a thing. Recovery for a lost account never goes back to device-in-hand once you have enabled full 2FA.

Something is being skipped in the description of the phish here. I don't think OP is being completely honest.
davidscoville 4 days ago
The code I read to them was a Google account recovery code. That’s how they accessed my Google account. I, mistakenly, believed they needed to confirm I was still alive and the rightful owner of the account. Then the attacker used Google SSO to perform the initial login to my Coinbase account. Then they opened Google Authenticator, signed in as me, to get the Coinbase auth code so they could complete Coinbase’s 2fac.