Coinbase has been hacked. According to the company, attackers were able to gain access to victims’ inboxes via phishing emails and then exploit a vulnerability in Coinbase’s two-factor SMS system to break into Coinbase user accounts.
Coinbase hacked with 6,000 customers damaged
Coinbase Inc., the leading public cryptocurrency exchange, has been hacked in what many are calling an intricate attack. The exchange reported that at least 6,000 accounts were hacked and all funds were withdrawn. Coinbase sent a letter to the customers affected by the hack, revealing that they may have fallen victim to a phishing campaign.
“Unfortunately, from March to May 20, 2021, you became the victim of a third-party campaign to gain unauthorized access to Coinbase customer accounts and remove customer funds from the Coinbase platform. At least 6,000 Coinbase customers had funds removed from their accounts, including you.
While we cannot determine exactly how these third parties gained access to this information, this type of campaign often involves phishing attacks or other social engineering techniques to trick the victim into unwittingly divulging credentials to a villain. We found no evidence that these third parties obtained this information from Coinbase itself.”
The account breaches occurred between March 2021 and May 20, 2021. Coinbase suspects that hackers used a large-scale email phishing campaign to trick many customers into giving up the email address, password, and phone number associated with their accounts. In addition, the unknown perpetrators gained access to victims’ email inboxes through a malicious application that is able to read and write to the inbox if the user grants it permission.
However, a password alone is not enough to break into a Coinbase account. By default, the company secures accounts with two-factor authentication, which means you need both a password and a one-time passcode that is generated on your phone to access the account.
In some cases, the hackers were able to steal the one-time passcode. This was possible for users who had secured their accounts with a two-factor authentication system that relies on sending codes via SMS.
“Once attackers have compromised a user’s inbox and Coinbase credentials, in rare cases they can use this information to impersonate users, obtain authentication codes with two-factor SMS, and gain access to Coinbase customer accounts,” a spokesman for the crypto exchange told PCMag in a statement. The hackers then stole the crypto funds.
Coinbase hacked, announces a fix
Coinbase did not disclose how the identity theft took place. The statement shows, however, that the attackers used a SIM-swapping attack to trick the cell phone provider into handing over the victim’s cell phone number.
In response, Coinbase said it was compensating victims for the stolen cryptocurrency, after the company reportedly did little to help consumers who experienced the attacks.
“We fixed the bug immediately and worked with these customers to regain control of their accounts and get the money back,” added a company spokesman.
Coinbase is also encouraging customers to forgo the SMS-based two-factor authentication system in favor of more robust methods. These include generating a one-time passcode in a mobile app or using a hardware-based security key.
In a blog post published earlier this week, the crypto exchange also emphasized that hackers have never breached Coinbase’s security infrastructure or broader systems. “We found no evidence that these third parties obtained this information from Coinbase itself.”