Hackers took advantage of an unexpected loophole to steal cryptocurrency from the American crypto exchange’s user accounts.
Last week, hackers leveraged an authentication bug to circumvent Coinbase’s SMS security feature, draining the accounts of over 6,000 customers, according to tech publication Bleeping Computer.
Coinbase said it would return the stolen funds to compensate customers for their losses; no other security breaches had been reported at the time of posting.
The hackers took advantage of a flaw to get around Coinbase’s SMS authentication mechanism, which was implemented to protect user accounts. Having already obtained users’ email addresses, passwords, and phone numbers without authorization, they used these to log in.
According to Coinbase, the hackers may have used large-scale phishing campaigns to obtain this sensitive information from unsuspecting customers who readily provided it. Coinbase users have also previously been targeted by banking trojan malware.
If a Coinbase customer has multi-factor authentication enabled, attackers who hold the customer’s credentials and control their email account are normally still barred from logging into the account.
However, Coinbase stated that a flaw in its SMS account recovery process allowed the hackers to obtain the SMS two-factor authentication token required to log into a protected account. A customer notification explained that although the stolen information (email address, password and phone number) is necessary to access a Coinbase account, it is not sufficient on its own, because additional authentication is required.
In this incident, a third party exploited a defect in Coinbase’s SMS Account Recovery process to obtain an SMS two-factor authentication token and gain access to the accounts of customers who complete two-factor authentication via SMS.
Coinbase corrected the flaw as soon as it was identified. In addition, the exchange announced that it would refund the stolen funds directly to affected customers’ accounts.
Coinbase’s announcement stated: “We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today.”