
Hackers exploit MFA flaw to steal from 6,000 Coinbase customers — report

Malicious actors reportedly took advantage of Coinbase’s SMS account recovery process to gain access to user funds.


Cryptocurrency exchange Coinbase has reportedly suffered another security breach after attackers were able to bypass the company’s multi-factor authentication, or MFA, feature in a coordinated campaign earlier this year. 

The attackers stole cryptocurrency from 6,000 accounts, though the monetary value of the theft wasn’t disclosed, according to a report from Bleeping Computer. Earlier this week, Coinbase reportedly notified affected customers that the theft occurred between March and May of this year.

To gain access to the accounts, the attackers must have known the affected users’ email address, password and phone number. It’s not clear how the attackers obtained this information, though phishing scams targeting exchange users are not uncommon. However, Coinbase did identify a vulnerability in the account recovery process that the attackers exploited to gain access to the accounts:

“[…] in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”

Coinbase, which operates one of the largest crypto exchanges in the world, has received scathing criticism for its poor customer service. As Cointelegraph reported, customers whose accounts were reportedly hacked and drained of funds were unable to access support staff, leading to thousands of complaints against the company.


Coinbase’s IPO debuted at $86 billion in April, but the company has been unable to scale its customer service department adequately. In August, the company announced a new support line for customers who believe their account has been compromised.
