A flaw in the multi-factor authentication of the Coinbase mobile application allowed attackers to obtain the two-factor authentication codes sent via SMS to approximately 6,000 customers, after which they were able to break into those customers' accounts.
Another day, another theft in the cryptocurrency market has been reported. This time, it is Coinbase that is under the spotlight. According to the notification letter sent to affected customers, Coinbase's SMS-based multi-factor authentication option had a loophole that attackers exploited to get into the accounts of almost 6,000 customers of the exchange.
Coinbase has reportedly filed the notification letter with the state attorney general offices in California.
According to the reports, between March and May the attackers used a vulnerability in the account recovery process of the Coinbase mobile application and website that enabled them to receive the two-factor authentication code sent via SMS. With the code in hand, they broke into the accounts of 6,000 of the exchange's customers and transferred funds out of them.
Coinbase also noted that the attackers had obtained the phone number, email address, and password associated with each compromised account. The exchange believes these credentials were stolen through a phishing campaign run by the attackers. Coinbase stressed in its notification letter to the California Attorney General that it found no evidence the attackers obtained this information from the exchange itself, which suggests that the customers themselves handed these details to the attackers.
Reacting to the situation, a Coinbase spokesperson said via email that the exchange took immediate action to limit the impact of the fraudulent campaign. Coinbase also worked with external partners to have phishing sites taken down as soon as they were identified, and notified the affected email providers.
Coinbase confirmed that it is compensating affected customers for their stolen funds, although it is not clear whether the compensation is paid in fiat currency or in crypto.
Coinbase further recommended that customers switch to a more secure form of multi-factor authentication, such as an authenticator app or a hardware security key, rather than SMS.
Even though this is not the first security incident at Coinbase, it is one of the biggest to have affected the exchange so far. Back in August, the exchange disclosed a password-handling glitch that stored the passwords of 3,500 customers in an internal server log; fortunately, no outside party is known to have taken advantage of that flaw.