The Coinbase cryptocurrency exchange reportedly encountered another security breach after attackers bypassed the company’s multi-factor authentication (MFA) functionality in a coordinated campaign earlier this Thursday.
Attackers stole cryptocurrency from 6,000 accounts, although the monetary value of the theft was not disclosed, according to a report by Bleeping Computer. Earlier this week, Coinbase informed affected customers that the theft took place between March and May of this year.
To gain access to the accounts, the attackers would need to know the email addresses, passwords and phone numbers of the affected users. It is not clear how the attackers obtained this information, although fraud against exchange users is not uncommon. However, Coinbase has identified a vulnerability in its account recovery process that the attackers exploited to gain access to accounts:
“[…] In this incident, for customers using SMS messages for two-factor authentication, a third party exploited a vulnerability in Coinbase’s SMS account recovery process to obtain an SMS two-factor authentication token and access to your account.”
Coinbase, which operates one of the largest cryptocurrency exchanges in the world, has been harshly criticized for its poor customer service. As Cointelegraph reported, customers who had their accounts hacked and their funds withdrawn were unable to reach support agents, resulting in thousands of complaints against the company.
Coinbase’s IPO reached $86 billion in April, but the company has been unable to adequately scale its customer service. In August, the company announced a new support line for customers who believe their accounts have been compromised.