Hackers managed to drain the accounts of 6,000 Coinbase users between March and May 2021 through a phishing campaign combined with a flaw in the exchange's SMS-based authentication process. The exchange plans to refund the affected users.
6,000 accounts emptied
Hackers emptied at least 6,000 Coinbase user accounts between March and May 2021. The malicious actors managed to take advantage of a bug in the exchange's multi-factor authentication (MFA) process.
The attackers first obtained users' account information and then used a flaw in Coinbase's MFA system to move funds out of the exchange. The exchange's disclosure reads:
“This type of attack typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials.”
Specifically, the hackers stole users' email addresses, passwords and phone numbers in a relatively sophisticated phishing campaign. The attackers then targeted users who relied on SMS-based two-factor authentication, exploiting a security flaw in that process.
Coinbase to refund customers
Coinbase has pledged to refund aggrieved customers as well as provide free phone support. The exchange also said it will work with law enforcement and launch internal investigations to try to identify the hackers.
The incident did not, as some have reported, result in a hack of Coinbase, as the hackers do not appear to have penetrated the exchange’s internal systems.
In addition, Coinbase urged customers to switch to a more secure form of two-factor authentication, such as an external hardware security key or an authenticator application such as Google Authenticator.
Coinbase had issued an alert earlier this week describing a sophisticated phishing campaign, but the exchange did not reveal that the hackers had successfully stolen the funds of thousands of customers. Coinbase also does not appear to have warned its customers while the attacks were underway, or even in the months that followed.