Hackers Exploit MFA Flaw to Steal From 6,000 Coinbase Customers

The giant cryptocurrency exchange informed some customers that they had been victimized by a hack. 

Coinbase has sent thousands of emails to customers informing them of an attack that took place between March and May 2021. The exploit targeted a flaw in the exchange’s two-factor authentication system and saw a significant number of customers affected. 

The email says that “At least 6,000 Coinbase customers had funds removed from their accounts, including you. In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox.”

Coinbase plugging holes and investigating the hack

Coinbase admits that it has yet to determine exactly how these third parties managed to gain access to users’ personal information. However, “this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. ” says the letter. Coinbase adds that they have found no evidence that the bad actors obtained any personal information from within the Coinbase platform. The letter elaborates on how the authentication works, saying that even with all of the aforementioned personal information, additional authentication would be required to access Coinbase accounts. 

The exchange concluded that customers who use SMS text messages to manage two-factor authentication were targeted specifically. The attackers used a flaw in the SMS account recovery process to be sent a recovery token and take control of user accounts. The email goes on to state, “Once in your account, the third party was able to transfer your funds to crypto wallets unassociated with Coinbase.” Coinbase claims that the issue has since been rectified and the SMS account recovery system will no longer bypass other authentication processes. Happily, for the victims of the theft, Coinbase will be depositing funds into their accounts equal to the amount stolen by the bad actors. 

According to the news, the third-party thieves were able to access personal email, phone numbers, full name, home address, date of birth. The exchange adds that its team has been working with law enforcement to help investigate the individuals involved in the cybercrime. 

What do you think about this subject? Write to us and tell us!

The post Hackers Exploit MFA Flaw to Steal From 6,000 Coinbase Customers appeared first on BeInCrypto.