Security Breach at Coinbase Exposes Users to Hackers
US cryptocurrency exchange Coinbase is under fire from its users after revealing that over 6,000 customers fell victim to a hacking incident. The breach, described as a “third-party campaign,” occurred between March and May 20, 2021.
According to a breach notification letter sent out by Coinbase, the hackers needed access to the email address, password, and phone number associated with the accounts in order to carry out the attack. This information was likely obtained through phishing attacks or other social engineering techniques.
While Coinbase denies any direct involvement in the data leak that enabled the breach, a flaw in its authentication process allowed the hackers to bypass security measures. Specifically, the flaw in the SMS Account Recovery process enabled the unauthorized access to accounts that used SMS texts for two-factor authentication.
As a response to the incident, Coinbase has promised to reimburse affected customers for their losses and has implemented updates to its SMS Account Recovery protocols to prevent similar attacks in the future. However, the company warned that hackers may have accessed and potentially altered personal details and account information.
This is not the first time Coinbase has faced security issues. In 2019, the exchange had to suspend trading of Ethereum Classic due to “double spend” attacks that resulted in over $1 million in losses.
Reports suggest that hacked Coinbase accounts can fetch up to $610 each on the dark web, highlighting the value of cryptocurrency accounts to cybercriminals.
As cryptocurrency continues to grow in popularity, exchanges like Coinbase must prioritize security measures to protect their users from unauthorized access and potential financial losses.