Unauthorized third parties took advantage of a failure in the two-factor verification system. The company expressed that it replaced the funds stolen from the attacked accounts.
Due to a flaw in the multi-factor authentication system, a hacker, or various ones, managed to enter the accounts and steal cryptocurrencies from at least 6,000 Coinbase customers.
A sophisticated massive social engineering harmed users of the exchange between March and May of this year, as revealed in a breach notification letter sent days ago by Coinbase to its affected customers. A copy of the letter got posted on the California Attorney General’s website.
Unauthorized third parties took advantage of a weakness in the company’s two-factor authentication or SMS account verification system. According to the company, the hackers would have entered customer accounts to migrate funds to wallets controlled by them.
The attackers needed the email address, passwords, and phone numbers of the affected customers to achieve their goals. Coinbase believes that hackers would have aimed at massive phishing attacks to steal their customer’s account credentials.
The company notes in the letter that, between the end of April and the beginning of May 2021, the Coinbase security team noted a large-scale phishing campaign that was particularly successful in bypassing the spam filters of some older email services.
Phishing is a method used by malicious actors to trick users and encourage them to hare their passwords, credit card numbers, and other confidential information. Regarding the situation on Coinbase, the hackers sent emails to make the exchange’s customers believe that these emails came from the company itself.
Coinbase Sends back All the Stolen Funds to its Clients
Two-factor authentication generates a layered defense that makes it difficult for an unauthorized individual to obtain access to a target. However, Coinbase recognizes that there was a weakness in its SMS account recovery system. For that reason, the hackers gained control over the two-factor authentication code necessary to access a secure account.
Through a post revealed on its official blog, the company expresses that identity theft attacks have increased among its customers, achieving success in bypassing the spam filters of certain older email services, it says.
The company highlighted that attackers have been using different subjects, senders, and content.
Coinbase’s guide on account protection has an option to enable multi-factor authentication (MFA) using security keys, unique time-based passwords (TOTP) with an authentication app, or as a last resort, text messages SMS.
The company also highlighted that it included “SMS account recovery protocols” to prevent SMS multi-factor authentication from being bypassed by unauthorized third parties.
Coinbase’s bug allowed attackers to access secure accounts, so the exchange said it would replenish the funds in the affected accounts in proportion to the amount stolen.
Some customers have already received their reimbursement. The company said it would ensure that all affected customers receive the total value of what they lost in the attack. They should see those amounts reflected in their account in at least one day.
By: Jenson Nuñez
