• Hackers take advantage of an MFA flaw to steal from 6,000 Coinbase customers

  • The massive cryptocurrency exchange informed some of its customers that they had been hacked.

    Thousands of emails were sent to Coinbase customers informing them of an attack that occurred between March and May 2021. The exploit targeted a flaw in the exchange’s two-factor authentication system, affecting a large number of customers.

    According to the email, “at least 6,000 Coinbase customers, including you, had funds removed from their accounts.” These third parties required prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox, in order to gain access to your Coinbase account.”

    Coinbase is plugging holes and conducting an investigation into the hack.

    Coinbase admits that it is still investigating how these third parties obtained access to users’ personal information. However, according to the letter, “this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.” Coinbase also states that they have discovered no evidence that the bad actors obtained any personal information from the Coinbase platform. The letter goes into greater detail about how the authentication works, stating that even with all of the previously mentioned personal information, additional authentication would be required to access Coinbase accounts.

    Customers who use SMS text messages to manage two-factor authentication were specifically targeted, according to the exchange. The attackers took advantage of a flaw in the SMS account recovery process to obtain a recovery token and gain access to user accounts. The email continues, “Once in your account, the third party was able to transfer your funds to cryptocurrency wallets unrelated to Coinbase.” According to Coinbase, the problem has been resolved, and the SMS account recovery system will no longer bypass other authentication processes. Fortunately, Coinbase will deposit funds into the victims’ accounts equal to the amount stolen by the bad actors.

    Third-party thieves, according to the news, were able to access personal email, phone numbers, full name, home address, and date of birth. According to the exchange, its team has been collaborating with law enforcement to assist in the investigation of the individuals involved in the cybercrime.

    What's your reaction?