Teacher
Professional
Bleeping Computer reported that the cryptocurrency exchange Coinbase notified about 6,000 customers that their accounts had been compromised due to vulnerabilities in its multi-factor authentication system. From March to May 2021, unknown attackers broke into other people's accounts in order to steal cryptocurrency.
Coinbase is the second largest cryptocurrency exchange in the world, used by about 68 million people from over 100 countries.
The scale of the incident is not very large, since the attack cannot be called simple. For a successful hack, the hackers needed to know the victim's email address, password and phone number associated with the Coinbase account, as well as have access to the target's mailbox.
It is not yet clear how the attackers gained access to all this information, but phishing campaigns targeting Coinbase users have become common lately, and many banking Trojans have "learned" how to steal credentials for cryptocurrency exchanges.
Even when the attackers had all the necessary data, access to other people's funds was still protected by multi-factor authentication (MFA). Coinbase encourages all users to use MFA via hardware security keys, time-based one-time passwords from dedicated authenticator apps, or, as a last resort, SMS text messages.
As it turned out, there was a vulnerability in the procedure for recovering an account via SMS, which allowed hackers to obtain a two-factor authentication token necessary to access the account.
Since the bug allowed cybercriminals to gain access to so-called "secure accounts", the exchange will compensate users for all the damage done and deposit funds equal to the stolen amounts into the affected accounts. "You should see this in your account no later than today," Coinbase promises. "In this incident, which affected customers using SMS for two-factor authentication, a third party exploited a vulnerability in the process of recovering a Coinbase account via SMS to obtain a two-factor authentication token via SMS and gain access to other people's accounts," the company said. ...
Since the attackers had full access to other people's accounts, the personal information of the exchange clients was also disclosed, including full names, email addresses, home addresses, dates of birth, IP addresses, transaction history, assets and account balances.
Since the attack required a password from the Coinbase account and customer mail, victims are strongly advised to change their passwords immediately. Coinbase also recommends that all users switch to a more secure MFA method, such as a dongle or a dedicated authenticator app.