Hackers exploited a flaw in the system to obtain customers’ SMS two-factor authentication codes and gain access to their accounts.
Hackers exploited a flaw in Coinbase’s two-factor authentication system to steal cryptocurrency from at least 6,000 customers this spring, according to the cryptocurrency exchange.
In a data breach notice sent out to affected customers this week, Coinbase revealed the hacking spree. According to the notice, “at least 6,000 Coinbase customers had funds removed from their accounts, including you.” The news was first reported by BleepingComputer.
The account breaches occurred between March 2021 and May 20, 2021. Hackers are suspected of using a large-scale email phishing campaign to trick a number of Coinbase customers into handing over their email addresses, passwords, and phone numbers.
Furthermore, the unknown perpetrators gained access to the victims’ email inboxes through a malicious app that can read and write to the inbox if the user grants it permission.
Still, a password is insufficient to gain access to a Coinbase account. The company secures an account by default with two-factor authentication, which means you must enter both a password and a one-time passcode generated on your phone to access the account.
However, the hackers were able to steal the one-time passcode in some cases. This happened to users whose two-factor authentication relied on SMS messages to deliver the code.
Using the compromised user’s email and Coinbase credentials, the attackers were able to impersonate the user, receive an SMS two-factor authentication code, and access the Coinbase customer account. The hackers then looted the cryptocurrency funds.