The well-known cryptocurrency exchange Coinbase suffered a cyber theft between last March and May that affected the accounts of 6,000 customers; the attackers used the phone numbers associated with the customers’ digital wallets and their email addresses.
The platform explained that the thieves had stolen cryptocurrency from 6,000 of its customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature, BleepingComputer reported.
Coinbase is the second largest cryptocurrency exchange in the world, with nearly 68 million users from more than 100 countries.
Coinbase explained in a notice sent to affected customers that between March and May 20, 2021, a hacker conducted a campaign to break into Coinbase customers’ accounts and steal their cryptocurrency.
Coinbase indicated that the attackers needed to know the customer’s email address, password and phone number associated with their Coinbase account, and to have access to the victim’s email account.
While it is not known how the attackers gained access to this information, phishing campaigns targeting Coinbase customers to steal account credentials are becoming common. Banking trojans traditionally used to steal online bank accounts are also known to steal Coinbase accounts.
The platform added that even if a hacker has access to a Coinbase client’s credentials and email account, they are usually prevented from logging into the account if the client has enabled multi-factor authentication.
In its Guide to Securing Accounts, Coinbase recommends enabling multi-factor authentication (MFA) using security keys, time-based one-time passwords (TOTP) with an authenticator app, or SMS as a last resort.
However, Coinbase noted a vulnerability in its SMS account recovery process that allowed hackers to obtain the SMS two-factor authentication code needed to access a secured account.
“Even with the information described above, additional authentication is required to access your Coinbase account,” explained the Coinbase customer notice seen by BleepingComputer.
“However, in this incident, for customers using SMS for two-factor authentication, the third party took advantage of a flaw in the Coinbase SMS account recovery process in order to receive the SMS two-factor authentication code and access your account.”
Since Coinbase’s bug allowed threat actors to gain access to accounts that were believed to be secured, the exchange is depositing funds into the affected accounts equal to the amount stolen.