Coinbase said more than 6,000 customer accounts were compromised between March and May 2021 due to multi-factor authentication (MFA) exploit.
The scale of what happened at first may seem tragic, but in reality, it is not. For the most part, mass hacking of exchange accounts is impossible due to the complexity of the manipulations required of a hacker to gain access to crypto assets of Coinbase customers. In this case, the cracker needed not only to know the victim's email account and the password for the account on the exchange itself but also to have access to the email account itself, as well as her mobile phone number.
So far, experts cannot determine how the attacker gained access to this information. But they suggested that this could have happened as a result of a phishing campaign aimed at users of the American cryptocurrency exchange. Over the past year, Coinbase customers have frequently complained about phishing attacks. In addition, today many banking Trojans used by hackers are also able to steal data from the largest cryptocurrency exchanges.
Let's say the attacker was able to get all the information listed above. But soon he had an MFA on his way, which the Coinbase team so strongly encouraged all users to install. However, it was precisely the “hole” in it that helped the hacker steal money from more than 6,000 accounts.
The exchange team said it will restore the funds lost by customers in full and is also ready to provide victims with free phone support. In addition, they engaged law enforcement agencies to investigate to find the culprit in the incident and advised users to switch to a more secure form of authentication in the form of a hardware security key or a special application. The exact amount of losses has not yet been named.
Earlier in August this year, Coinbase mistakenly sent a notification to 125,000 customers to change their two-factor authentication settings. This could cause considerable resonance and panic among them due to possible hacked accounts.
The incident with the leakage of Coinbase account passwords also occurred in 2019, when 3,500 passwords of the marketplace users were stored in the internal server log in plain text. Although third parties did not use the exploit then, the exchange representatives later spoke about blocking a complex attack that could have happened just in that time interval.
If you decide to try your hand at the world of cryptocurrencies, do it with a trusted and reliable partner - HUOBI
CoinShark is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. This article is for informational purposes, prepared on the basis of materials and information from open sources. Cryptocurrency is a high-risk asset, investments in it can lead to losses. Readers should do their own research before taking any action.