Cryptocurrency exchange Coinbase has admitted that a fault in its implementation of SMS-based authentication led to the compromise of at least 6,000 user accounts.

In a letter (PDF) to victims, the US-based exchange said that a third-party actor had gained access to Coinbase accounts and removed funds.

The incident, which happened between March and May 20, 2021, was due to a vulnerability in its two-factor authentication protocol.

Coinbase said that the malicious actors were able to carry out the attack as they had prior knowledge of email addresses, passwords, and phone numbers associated with victims’ accounts.

The company said it is not able to “determine conclusively” how the actors obtained the information, but suggested: “This type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.”

Coinbase added: “We have not found any evidence that these third parties obtained this information from Coinbase itself.”

Usually, two-factor authentication methods can stop a bad actor from accessing an account even if they have the credentials. However, a flaw in Coinbase’s SMS-based authentication meant that they were able to bypass this extra line of defense.

Coinbase explained: “For customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”

The company also warned that the third party could have had access to all information in the affected accounts, which could include the victim’s full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balance.