One of the leading crypto exchanges in the world, Coinbase, reveals that hackers used a bug in their multi-factor SMS authentication system. As a result, Coinbase reports that the accounts from 6.000 customers were hacked. And that is for the period between the 20th of March and May, 2021.
In order to pull off this attack, Coinbase claims that the hackers had to first obtain the credential of the users. For that purpose, they got the email addresses, passwords and phone numbers. Basically all info that the users entered when registering with Coinbase. However, Coinbase isn’t sure how exactly the hackers gained the necessary personal information.
What they are definitely sure about, is that this is another one of the daily phishing operations, conducted by the so-called banking trojans. And despite the multi-factor authentication that involves high-end safety features, there is still a bug in the SMS account recovery procedure.
Consequently, it is this bug that enabled the hackers to obtain the required two-factor authentication SMS token and access the Coinbase accounts.
While Coinbase informs that it will pay back all of the funds to each of the 6.000 hacked accounts, the damage is far greater for a simple refund fix.
What makes many customers mad, is that during this hack attack, literally every bit of personal info of the victims was visible to the hackers. The full name, home address, IP address, DOB, account holders, history of transactions and balance. Something that no refund could possibly substitute.
Which makes us wonder. How can a leading crypto exchange such as Coinbase, with 68 million users from 100 countries can allow such a slip? And will this recent attack on Coinbase have further consequences? Considering the clear violation and exposure of the customer’s credentials. Only time will tell.
InAltcoins
InLegal
