6,000 Coinbase User Accounts Hacked Due to Multi-Factor Authentication Bug

Bleeping Computer reported that cryptocurrency exchange Coinbase has notified about 6,000 customers that their accounts have been hacked due to a vulnerability in the multi-factor authentication system. From March to May 2021, unknown attackers infiltrated other people’s accounts in order to steal cryptocurrency.

Coinbase is the second largest cryptocurrency exchange in the world, used by about 68 million people from over 100 countries.

The scale of the incident is not very large, since the attack cannot be called simple. For a successful hack, the hackers needed to know the victim’s email address, password and phone number associated with the Coinbase account, as well as have access to the target’s mailbox.

It is not yet clear how attackers gained access to all this information, but phishing campaigns targeting Coinbase users have become common lately, and many banking Trojans have “learned” how to steal registered data from cryptocurrency exchanges.

Even in the case when the attackers had all the necessary data, access to other people’s funds was still protected by multifactor authentication (MFA). Coinbase recommends all users to use MFAs through hardware security keys, Time-based One Time Passwords from dedicated authentication applications, or, as a last resort, SMS text messages.

As it turned out, there was a vulnerability in the procedure for restoring an account via SMS, which allowed hackers to obtain a two-factor authentication token necessary to access the account.

In this incident, which affected customers using SMS for two-factor authentication, a third party exploited a vulnerability in the Coinbase SMS account recovery process to obtain a two-factor authentication token via SMS and gain access to other people’s accounts.the company said.

Since the bug allowed cybercriminals to gain access to the so-called “secure accounts”, the exchange will compensate users for all the damage done and place funds equal to the stolen amounts on the affected accounts. “You should see this in your account no later than today,” promises Coinbase.

Since the attackers had full access to other people’s accounts, the personal information of the exchange clients was also disclosed, including full names, email addresses, home addresses, dates of birth, IP addresses, transaction history, assets and account balances.

Since the attack required a password from the Coinbase account and customer mail, victims are strongly advised to change their passwords immediately. Coinbase also recommends that all users switch to a more secure MFA method, such as a dongle or a dedicated authenticator app.

Let me remind you that we also reported that Hackers stole $ 29 million from Cream Finance platform.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button