Innovation Village | Technology, Product Reviews, Business

    Hackers Bypass Coinbase 2FA to Steal Cryptocurrency From 6000 Customers

    By Tapiwa Matthew Mutisi on October 1, 2021. Filed under: Blockchain, Business, Cryptocurrency, Cybersecurity, Digital currency, News

    Hackers stole cryptocurrencies from at least 6,000 customers of the Nasdaq-listed digital asset exchange Coinbase by exploiting a flaw in its two-factor authentication (2FA) system. The news, first reported by Bleeping Computer, comes just a week after the company had to drop its plans to launch a new lending product following the threat of legal action from US securities regulators.

    According to a letter sent to affected customers, which was uploaded to the California attorney-general’s website and dated Friday, the victims were targeted between March and May this year. The attackers had to have previous knowledge of the email addresses, passwords, and phone numbers of the users, as well as access to their email inbox.

    Coinbase said it was unable to determine “conclusively” how this had happened, but that it was probably the result of phishing attacks or “social engineering” techniques to trick users into revealing their credentials. It said it had not found any evidence that this information had been obtained from the exchange itself, and that attackers did not breach its security infrastructure.

    A flaw in Coinbase’s SMS text account recovery process meant those accounts that used the service were vulnerable to attackers, who could divert authentication messages to themselves rather than the victims. In addition to access to funds, attackers could access information including home addresses, full names, and transaction histories.

    Coinbase said it had “immediately” fixed the flaw, but it did not reveal when it had discovered the vulnerability or the hacking campaign. “Because of the size, scope, and sophistication of the campaign we have been working with a range of partners, law enforcement agencies, and other stakeholders to understand the attack and develop mitigation techniques. We didn’t feel comfortable disclosing the attack publicly until the correct steps were taken to ensure that it couldn’t be repeated successfully, and would not compromise the integrity of law enforcement investigations.”

    Coinbase did not disclose how much had been stolen in the attack, but said customers would be reimbursed for all funds lost. A blog post uploaded on Monday said that there had been a rise in Coinbase-branded phishing messages between April and May, which had shown a higher degree of success bypassing spam filters on some older email services. It advised using two-factor authentication methods other than SMS texts.

    The exchange, which listed in New York in April, was forced to make an embarrassing climbdown on its Lend product, which would have initially offered a 4 percent annual yield for holders of its stablecoin, USD Coin. The Securities and Exchange Commission warned it would sue if the product was launched, and issued subpoenas asking for more information. Coinbase chief executive Brian Armstrong accused the regulator of “sketchy behaviour” before the product was shelved.

    The company has also faced scrutiny in recent months over its claims that USD Coin was fully backed by US dollar reserves, despite evidence showing the holdings also include “approved investments” from March last year onwards. Coinbase and the payments group Circle, which jointly operate USD Coin, committed to moving to a reserve policy of cash and Treasuries by the end of September.

    Tapiwa Matthew Mutisi has been covering blockchain technology, intelligent technologies, cryptocurrency, cybersecurity, telecommunications technology, sustainability, autonomous vehicles, and other topics for Innovation Village since 2017. In the years since, he has published over 4,000 articles — a mix of breaking news, reviews, helpful how-tos, industry analysis, and more. | Open DM on Twitter @TapiwaMutisi
