Popular cryptocurrency exchange Coinbase has revealed that a party stole cryptocurrencies from 6,000 of its customers after using a vulnerability to bypass the company's SMS multi-stage security feature, BleepingComputer reports.
Coinbase is the second-biggest digital currency trade on the planet with almost 68 million clients in excess of 100 nations.
Coinbase stated in a message to affected customers that between March and May 20, 2021, a hacker attempted to steal Coinbase accounts by stealing their cryptocurrency.
In order to carry out the attack, attackers would need to know the email address, password, and customer phone number of their Coinbase account and access victims' email accounts.
Although it is unclear how attackers obtained this information, phishing campaigns that target Coinbase customers in order to steal account information are becoming more common. Banking Trojans, traditionally used to steal online bank accounts, are also known as Coinbase account theft.
MFA vulnerability allowed access to accounts
Even if the hacker has access to Coinbase's account information and account, if the customer has activated the tiered activation system, they will usually not be able to log into their account.
In the Coinbases Account Security Guide, they recommend activating two-factor authentication (MFA) as a last resort using security keys and passwords (TOTP) with an authentication program or an SMS.
However, Coinbase reports a vulnerability in the SMS account recovery process that could allow hackers to obtain an SMS verification code and access a secure account.
“Even with the above information, you still need additional authentication to access your Coinbase account,” explains Coinbase's customer notifications that Bleeping Computer confirms.
But in this case, for customers using SMS for two-step authentication, a third party uses a two-step verification code in the SMS Coinbase SMS account recovery process and accesses their account. "
Since Coinbase falsely gave threatening actors access to apparently secure accounts, the currency deposited the equivalent of the stolen money in the damaged accounts.
Cryptocurrency now
Bitcoin is now 47,114.4, an increase of 9.31%.
Ethereum 3210.26 increased by 7.85%.
Cardano 2.20 up 5.72%.
Solana 153,969, an increase of 11.29%.
All rights reserved to the owner: SCOOP HYPE