Home Alt coins Six thousand Coinbase users hit by hackers

Six thousand Coinbase users hit by hackers

by admin

Crypto News

Coinbase

Hackers robbed about 6 thousand users of the Coinbase cryptocurrency exchange, having discovered a vulnerability that allows you to bypass two-factor authentication using SMS, according to Bleeping Computer.

Affected users this week received a letter from the exchange, according to which, from March to May of this year, the attackers conducted a major campaign to hack their accounts. Hacking required an e-mail address, access to it, a password and an associated phone number. It is assumed that all of this information was collected in the course of a phishing campaign. Banking Trojans could also be used, which, among other things, are configured to steal data from Coinbase users.

Usually, when a hacker gets hold of all the necessary data to access a user’s Coinbase account, he cannot do so due to two-factor authentication. As the exchange itself admits, in this case, there was a vulnerability in SMS verification that allowed attackers to receive authentication tokens without direct access to the phone.

“Even with all of the above information, additional authentication is required to gain access to your Coinbase account,” the company explains. “However, in the last incident, customers using SMS text messages for two-factor authentication were affected by a third party exploiting a vulnerability in the process of recovering their Coinbase account via SMS to obtain a two-factor authentication token and access to the account.”

Since the hacked accounts were protected according to the exchange’s own recommendations, Coinbase took responsibility for the incident and fully compensates users for the losses.

“We will replenish your accounts with an amount equal to the value of the unreasonably withdrawn currency at the time of the incident. Some clients have already received compensation. We will make sure that all affected customers receive full compensation for their losses. The changes should be reflected in your accounts by the end of today, ”adds the exchange.

As noted by Bleeping Computer, Coinbase did not specify whether compensation will be paid in fiat or digital currency. In the case of crediting the traditional currency, clients may have tax liabilities if the value of their assets has increased over the past time.

Since hackers required passwords for e-mail and exchange accounts in order to successfully carry out an attack, customers are strongly encouraged to change them. The company also encouraged users to migrate to more reliable means of two-factor authentication, such as hardware security keys or specialized applications.

On May 11, Coinbase tweeted about temporarily disabling SMS authentication to resolve a “known issue,” but did not elaborate on its nature at the time. At the end of August, 125,000 Coinbase customers received notifications that their two-factor authentication settings had been reset. Subsequently, the exchange admitted that the message was sent out by mistake, and users, in this regard, did not need to do anything.

Stay in touch! Subscribe to crypto-daily.news in Telegram.
Discuss current news and events at the Forum



#thousand #Coinbase #users #hit #hackers

Related Posts

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.