Hackers invent a new way of stealing crypto funds from exchanges

28 September 2017 21:00, UTC

Not so long ago, reports appeared that cryptocurrency funds could be stolen by social engineering of support lines. Hackers from Positive Technologies have managed to simplify the scheme: instead of a call center, their primary target is now SS7, the system of service protocols in telecommunication.

Once hacked, this system can be used to intercept the SMS messages used to verify a user's identity (this is called two-factor authentication, or 2FA). The Coinbase exchange is one of the cryptocurrency exchanges at risk, as demonstrated by the video showing this method: Gmail authorization attempts, the password reset after intercepting the SMS, and then the Coinbase password reset – and the money is gone.

This means that although 2FA was initially considered a good security measure, the situation has changed. However, the hackers still need to know the victim's mobile telephone number, so the best possible countermeasure would be not to post it everywhere.