Hackers Stole crypto Funds From 6,000 Coinbase Customers Using Two-Factor Authentication Flaw

Cyber criminals have stolen crypto funds from at least 6,000 Coinbase customers, after exploiting a glitch in the the exchange’s two-factor authentication system.

According to technology news website Bleeping Computer, Coinbase revealed that 6,000 of its customers had crypto funds stolen between March and May of this year, after hackers gained access to customer accounts via SMS multi-factor authentication. The cyber criminals were able to determine the customers’ email address, password, and phone number related to their Coinbase account after first gaining access to the associated email.

Although it still remains unclear how exactly, the hackers were able to access the account credentials, Coinbase attests the security breach to online phishing campaigns, which focused on stealing the sensitive information. Even with Coinbase users enabling the platform’s multi-factor authentication, Time-based One Time Passwords, and even SMS text messages, the hackers were able to take “advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token” to gain access to the account.

Once the hackers gained access the Coinbase accounts, they were able to view the account holders’ other personal information, such as their name, home address, date of birth, transaction history, account holdings, and even IP addresses related to account activity. Coinbase said that there was no evidence suggesting that the information was accessed via the exchange itself, but did add that the affected customers would have funds deposited into their accounts in the amount that was stolen.

Information for this briefing was found via the Bleeping Computer. The author has no securities or affiliations related to this organization. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.