
Cryptocurrency stolen from Coinbase customers despite two-factor authentication

The cryptocurrency holdings of 6,000 customers of the crypto exchange Coinbase have been stolen. The criminals exploited a flaw that let them bypass SMS-based 2FA.

Criminals have stolen the digital currencies of 6,000 Coinbase customers, as the crypto exchange announced last week. To do this, the attackers exploited a vulnerability that allowed them to bypass the company's two-factor authentication. With around 68 million users, Coinbase is the second-largest crypto exchange in the world.

The attacks are said to have taken place between March and May 20, 2021. To carry them out, the attackers needed the victim's email address, password, and phone number. In addition, they needed access to the victim's e-mail account.

It is not known how the attackers obtained this information. Coinbase assumes, however, that the data was harvested through phishing campaigns. Banking Trojans now also frequently target Coinbase accounts.

Even if criminals obtain all of this data, two-factor authentication should still prevent them from accessing the Coinbase accounts, provided it has been activated. However, an unspecified vulnerability in the account recovery process is said to have allowed the criminals to obtain the SMS token for two-factor authentication and thus gain access to accounts that were supposedly secured. Note that the prerequisites listed above (password plus control of the e-mail account) are exactly the inputs a recovery flow typically relies on, which is why a flaw there undermines the second factor rather than just the first.

After the attack became known, Coinbase stated that it had corrected its "SMS account recovery protocols" in order to prevent further bypassing of SMS two-factor authentication. In addition to the stolen digital currencies, the personal data of those affected was also exposed, including name, email address, home address, date of birth, IP addresses, transaction history, as well as account balance and existing credit.

Coinbase has promised to replace the value of the stolen digital currencies:

"We will deposit an amount into your account equal to the value of the currency that was illegally removed from your account at the time of the incident. Some customers have already received a refund – we will ensure that all affected customers get the full value of the money lost. This should show up in your account by today at the latest."

It is not clear whether Coinbase will credit the affected customers in the stolen cryptocurrency or in fiat currency. In any case, affected Coinbase customers should change their password immediately and migrate to a more secure form of two-factor authentication, for example TOTP (Time-based One-Time Password) or FIDO security keys via WebAuthn. Unlike an SMS code, a TOTP code is computed locally from a shared secret and the current time, so there is no delivery channel (phone number, carrier, recovery flow) for an attacker to hijack; a WebAuthn key goes further and binds the response to the site's origin as well.
