May 18, 2024

Six thousand Coinbase users hit by hackers

Hackers stole from about 6 thousand users of the Coinbase cryptocurrency exchange after discovering a vulnerability that allowed them to bypass two-factor authentication using SMS, reports Bleeping Computer.

Affected users received a letter from the exchange this week, according to which, from March to May of this year, the attackers carried out a major campaign to hack their accounts. The hack required an e-mail address, access to it, a password and an associated phone number. It is assumed that all of this information was collected in the course of a phishing campaign. Banking Trojans could also have been used, which, among other things, are configured to steal data from Coinbase users.

Usually, even when a hacker obtains all the credentials necessary to access a Coinbase user account, he cannot do so because of two-factor authentication. As the exchange itself admits, in this case there was a vulnerability in SMS verification that allowed attackers to receive authentication tokens without direct access to the phone.

"Even with all the above information, additional authentication is required to access your Coinbase account," the company explains. "However, in the last incident, customers using SMS text messages for two-factor authentication were affected by a third party exploiting a vulnerability in the process of recovering their Coinbase account via SMS to obtain a two-factor authentication token and access to the account."

Since the hacked accounts were protected according to the exchange's own recommendations, Coinbase took responsibility for the incident and is fully compensating users for their losses.

"We will replenish your accounts with an amount equal to the cost of the unreasonably withdrawn currency at the time of the incident. Some clients have already received compensation. We will make sure that all affected customers receive full compensation for their losses. The changes should be reflected in your accounts by the end of today," adds the exchange.

As Bleeping Computer points out, Coinbase does not specify whether compensation will be paid in traditional or digital currency. If it is credited in traditional currency, clients may have tax liabilities if the value of their assets has increased in the meantime.

Since a successful attack required the passwords for both the e-mail account and the exchange account, customers are strongly encouraged to change them. The company also encouraged users to switch to more reliable means of two-factor authentication, such as hardware security keys or specialized applications.

On May 11, Coinbase tweeted about temporarily disabling SMS authentication to resolve a "known problem", but did not specify its nature at the time. At the end of August, 125,000 Coinbase customers received notifications that their two-factor authentication settings had been reset. Subsequently, the exchange admitted that the message had been sent out by mistake and that users did not need to do anything.
