Saturday, August 13, 2022

Hackers exploit MFA flaw to steal from 6,000 Coinbase customers — Report


Cryptocurrency exchange Coinbase has reportedly suffered another security breach after attackers were able to bypass the company’s multi-factor authentication, or MFA, feature in a coordinated campaign earlier this year.

The attackers stole cryptocurrency from 6,000 accounts, though the monetary value of the theft wasn’t disclosed, according to a report from Bleeping Computer. Earlier this week, Coinbase reportedly notified affected customers that the theft occurred between March and May.

To gain access to the accounts, the attackers must have known the affected users’ email address, password and phone number. It’s not clear how the attackers obtained this information, though phishing scams targeting exchange users are not uncommon. However, Coinbase did identify a vulnerability in the account recovery process that the attackers exploited to gain access to the accounts:

“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to obtain an SMS two-factor authentication token and gain access to your account.”

Coinbase, which operates one of the largest crypto exchanges in the world, has received scathing criticism for its poor customer service. As Cointelegraph reported, users whose accounts were reportedly hacked and drained of funds were unable to access support staff, leading to hundreds of complaints against the company.

Coinbase’s initial public offering debuted at $86 billion in April, but the company has been unable to scale its customer service department adequately. In August, the company announced a new support line for customers who believe their account has been compromised.