- 칼럼 | AI 에이전트, 지금까지의 어떤 기술과도 다르다
- The $23 Echo Dot deal is a great deal to upgrade your smart home this Black Friday
- Amazon's Echo Spot smart alarm clock is almost half off this Black Friday
- The newest Echo Show 8 just hit its lowest price ever for Black Friday
- 기술 기업 노리는 북한의 가짜 IT 인력 캠페인··· 데이터 탈취도 주의해야
Threat actors exploit a flaw in Coinbase 2FA to steal user funds
Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication.
Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.
According to a data breach notification letter filed with US state attorney general offices, the attackers with the knowledge of their username and password and phone number associated with the account, were able to steal funds bypassing the SMS-based authentication.
“Unfortunately, between March and May 20, 2021, you were a victim of a third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform. At least 6,000 Coinbase customers had funds removed from their accounts, including you.” reads the data breach notification letter.
“In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox.”
Attackers exploited a flaw in Coinbase’s SMS Account Recovery process to receive an SMS two-factor authentication token. Once discovered the campaign, the company updated its SMS Account Recovery protocols.
The company has yet to determine how attackers obtained the above information, they likely gained access to the data through phishing attacks, anyway, it excluded that they obtained the data from the company itself.
“We have not found any evidence that these third parties obtained this information from Coinbase itself,” the company continues.
The cryptocurrency exchange announced it will reimburse all impacted users and already started to send them the refunds.
Follow me on Twitter: @securityaffairs and Facebook
Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine