Attackers have exploited a flaw in the two-factor authentication (2FA) of the Coinbase (www.coinbase.com) cryptocurrency exchange. This is not the first recent cryptocurrency-related incident involving hackers: you may remember the Bitcoin.org hack, which took place at the end of September 2021. This item is a quick summary of what happened and what we know so far.
Coinbase 2FA breach case: what do we know?
The two-factor authentication system at the Coinbase exchange had vulnerabilities. These allowed cybercriminals to steal funds from the wallets of more than 6000 users. What we know for the moment is that the hackers had the users’ names, passwords, and telephone numbers, which were the keys to the client accounts. With those, the attackers bypassed the 2FA system the exchange employs. In general, 2FA means verifying a user’s identity a second time through their mobile device: the user enters a code sent by SMS on the website or verifies their identity with biometrics. Coinbase’s verification procedure sends one-time passwords to users via SMS.
According to Coinbase’s official response to the victims of the fraud, the theft was possible due to the leak of at least 6000 usernames, phone numbers, and e-mail addresses, along with access to them.
It is worth mentioning that the attackers did not hijack the login process. Instead, they took advantage of a flaw in Coinbase’s account recovery procedure, which does itself use two-factor authentication. After gaining access to the accounts of Coinbase users, the thieves transferred the users’ funds to external wallets.
Consequences and warnings
As a security measure, Coinbase has hastily revised and updated its account recovery protocols. Hopefully, these measures will ensure that a similar incident does not happen again. Although the exchange denies any complicity in the data leak, the administration is reimbursing its clients’ losses. It remains unknown exactly how the personal data of Coinbase users leaked.
The exchange administration presumes that the thieves obtained Coinbase clients’ personal data through a major phishing attack. The campaign most likely aimed to lower the victims’ guard with a message made to look as if it came from Coinbase, demanding an urgent login or password change. As a result, unsuspecting users handed over their private data in good faith, believing they were using it correctly. The data the users provided went straight to an unidentified malicious application that granted the criminals access to the users’ e-mail inboxes.