6,000 Coinbase users had their accounts compromised because of a bug

According to Bleeping Computer, Coinbase disclosed today that a hacker could bypass the company’s SMS multi-factor authentication mechanism and steal funds from 6,000 users.

Hackers exploit MFA flaw to steal from 6,000 Coinbase customers

The breach of Coinbase customers’ accounts occurred between March and May 20, 2021, during a hacking campaign that combined phishing scams with the exploitation of vulnerabilities in the company’s security measures.

Coinbase said that to carry out the attack, hackers needed to know a user’s email address, password, and phone number and gain access to their email accounts. It’s not clear how the hackers gained access to that information.

However, Coinbase did identify a vulnerability in the account recovery process that the attackers exploited to gain access to the accounts. “In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process to receive an SMS two-factor authentication token and gain access to your account,” Coinbase told customers in electronic notifications.

In addition to stealing money, the hackers also exposed customers’ personal information, including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances.

The largest U.S. exchange vows to reimburse all of its customers affected by the vulnerability:

“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed – we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today.”

Coinbase has received scathing criticism for its poor customer service. Recently, many customers whose accounts were hacked and had funds withdrawn have been unable to reach support staff, leading to thousands of complaints against the company.

Not to mention they’re getting into legal trouble with the SEC.
