Coinbase hackers exploit multifaceted flaw to steal from 6,000 customers


Bad actors managed to break into the cryptocurrency accounts of about 6000 և steal Coinbase: by customers exploiting the multi-factor defect of identification, according to Sleeping computer. The cryptocurrency exchange told the publication that its security team had been monitoring a large-scale phishing campaign targeting its users from April 2021 to early May. Some users may have fallen victim to malicious emails giving hackers access to their usernames and passwords. Worse, even those with multitasking were at risk for compromise.

In: notification [PDF] It was sent to the affected customers, Coinbase said that the bad actors took advantage of the vulnerability of the SMS account recovery process. This allowed the hackers to receive the two-factor signal, which was supposed to be sent via text to the account owner’s phone number.

Coinbase recommends using two factors: the security key on it Website:, followed by a ratification program. It mentions the identification of SMS as a last resort, which advises users to lock their mobile accounts to protect themselves SIM exchange scams or phone port fraud. Back in August, Coinbase too has been notified 125,000 users that their two-way settings have changed, but the exchange then said that the notification was sent incorrectly չէ is not the result of a hack.

In a letter to customers, Coinbase said that as soon as it learned of the problem, it patched its SMS account recovery protocols. It also compensates all those who lost their cryptocurrency in the event. Those who have been hacked may want to make sure all their other accounts are secure, even though it does reveal their names, addresses, and other sensitive information when their accounts are compromised.

All products offered by Engadget are selected by our editorial team, regardless of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we can earn an affiliate commission.



Source link