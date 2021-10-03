6000 accounts emptied

Hackers have emptied at least 6,000 Coinbase user accounts between March and May 2021. Indeed, malicious actors have managed to take advantage of a bug in the multi-factor authentication (MFA) process of the exchange.

The attackers first obtained information about user accounts and then used a loophole in Coinbase’s MFA system in order to move funds out of the exchange. We can read in the press release:

“This type of attack usually involves phishing attacks or other social engineering techniques to trick a victim into unwittingly disclosing login credentials. “

Specifically, the hackers managed to steal the user emails, passwords and phone numbers during a relatively sophisticated phishing campaign. Then, the attackers targeted users who were using two-factor authentication via SMS due to the existence of a security hole in this process.

Coinbase will reimburse customers

Coinbase pledged to reimburse aggrieved customers as well as providing free telephone support. The exchange also said it will work with law enforcement and launch internal investigations to try to identify the hackers.

The incident did not result, as some have reported, in a Coinbase hack, since the hackers do not appear to have penetrated the internal systems of the exchange.

Additionally, Coinbase urged customers to switch to a more secure form of two-factor authentication, such as an external hardware device or an application such as Google Authenticator.

Coinbase issued an alert earlier this week describing a sophisticated phishing campaign, but the exchange failed to disclose that hackers had successfully stolen funds from thousands of customers. Coinbase also does not seem to have reacted to warn its customers when the attacks were underway, or even in the months that followed.





