The world’s second largest crypto exchange has revealed that a threat actor made away with digital coins belonging to 6,000 customers after exploiting a vulnerability to bypass the firm’s multi-factor authentication (MFA) security feature.
The crypto exchange notified its customers that the breach of customer accounts occurred between March and May. This is big news considering that Coinbase has about 68 million users spread across 100 countries.
Reportedly, the threat actor needed to know customers’ email addresses, passwords and phone numbers associated with their individual accounts in order to pull off such an attack successfully.
Possession of the above information was enough to allow the hacker access to victims’ email accounts. Coinbase has since hypothesized that phishing campaigns were used by the hackers to steal account credentials.
It is worth noting that Coinbase being targeted by cyber attackers is not uncommon. The cybersecurity news platform BleepingComputer has reported in the past on banking Trojans that have been used against Coinbase users.
What Exactly Happened?
The Coinbase notification to customers may have left more questions than answers. Even if a threat actor has gained access to a user’s account credentials and email account, it should still be very difficult for them to hijack the account, because of the multi-factor authentication feature that the crypto exchange encourages its users to enable.
However, it turns out that a vulnerability existed within Coinbase’s SMS account recovery process. The flaw allowed threat actors to obtain the SMS two-factor authentication token, leaving the affected accounts defenceless.
Coinbase claims that it swung into action as soon as it learned of the cyberattack, and that it has fixed the faulty “SMS Account Recovery protocol” to prevent cybercriminals from bypassing the SMS MFA system in the same way.
At this point, Coinbase users are therefore advised to change their passwords immediately. It is also important for them to switch to a more secure MFA method such as an authentication app.