coinquora.com
- Coinbase exchange experiences yet another security breach.
- Hackers stole from 6,000 counters.
- A vulnerability in the company’s MFA lead to the security breach.
Coinbase, one of the world’s largest crypto exchanges, has reportedly suffered another security breach. Specifically, hackers came across a vulnerability they used to bypass the company’s SMS multi-factor authentication (MFA) security feature. Therefore, Coinbase disclosed that the hackers stole from 6,000 customers.
In detail, Coinbase states that a vulnerability existed in their SMS account recovery process. Thus, allowing the hackers to gain the SMS two-factor authentication token needed to access a secured account. To conduct the attack, Coinbase says the attackers needed to know the customer’s email address and password. Also, the phone number is associated with their Coinbase account and they have access to the victim’s email account.
According to the Coinbase reports it says:
However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.
However, it is unknown how the threat actors gained access to this information. In particular, Coinbase believes it was through phishing campaigns targeting Coinbase customers to steal account credentials, which have become common. Additionally, banking trojans traditionally used to steal online bank accounts are also known to steal Coinbase accounts.
Coinbase has grown rapidly since its establishment. It has approximately 68 million users from over 100 countries. On the other hand, complaints have continued to arise. Since 2016, Coinbase users have filed more than 11,000 complaints against Coinbase with the Federal Trade Commission and Consumer Financial Protection Bureau, mostly related to customer service.