According to a recent article on the technology website BleepingComputer, Coinbase has disclosed that a hacker stole cryptocurrency from 6,000 customers after exploiting a vulnerability to bypass the company's SMS multifactor authentication.
Attackers needed to know customers' private information
In a notification sent to affected customers this week, Coinbase explains that a hacker managed to break into Coinbase customers' accounts and steal their crypto holdings between March and May 20, 2021.
Coinbase says the attackers needed to know the email address, password, and phone number associated with a customer's Coinbase account, and also needed access to the victim's email account. While it is unknown how the attackers obtained this information, phishing campaigns targeting Coinbase customers to steal account information have become common.
MFA vulnerability gave hackers access to accounts
Even if a hacker has a Coinbase customer's login credentials and access to their email account, they are normally prevented from logging in if the customer has multifactor authentication enabled. However, Coinbase states that a vulnerability in its SMS account recovery process allowed the attackers to obtain the two-factor authentication SMS token required to access a secured account.
Since the vulnerability allowed the hacker to access supposedly secure accounts, the exchange will reimburse affected accounts with an amount equal to the stolen funds. Because the attack required the passwords for both a customer's Coinbase account and their email account, victims are strongly advised to change both passwords immediately. Coinbase also recommends that its customers switch to a more secure MFA method, such as a hardware security key or an authenticator app.