[BreachExchange] Coinbase hack sees thousands of users' accounts drained

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Oct 18 11:29:21 EDT 2021


https://www.techradar.com/news/coinbase-hack-sees-thousands-of-users-accounts-drained

Coinbase has sent out breach notification letters to over 6000 users
admitting they might have lost funds in a months-long campaign against the
cryptocurrency exchange.

In the letter, the company said attackers took advantage of a flaw in
Coinbase’s two-factor authentication (2FA) mechanism to carry out several
assaults between March and May 20, 2021.

“As soon as Coinbase learned of this issue, we updated our SMS Account
Recovery protocols to prevent any further bypassing of that authentication
process,” notes Coinbase in the notification letter.

Even as the exchange is investigating the incident, it has decided to
reimburse all customers by depositing funds equal to the cryptos stolen
from their accounts.

Complex campaign
Sharing more details, Coinbase said that attackers would have required
certain information associated with the customer’s account, such as their
phone number and login credentials.

The issue has been brewing for some time now. Unconfirmed reports of
hackers accessing and draining the cryptocurrency wallets of Coinbase
customers first surfaced in August. Then in September, the company had to
reassure its users that the emails they received about changes to their
2FA settings had been sent erroneously.

While the exchange has admitted that it is “not able to determine
conclusively how these third parties gained access to this information,” if
it were to guess it’d say the details were inadvertently leaked by the
customers themselves as part of an elaborate and effective phishing campaign.

“Even with the information described above, additional authentication is
required in order to access your Coinbase account. However, in this
incident, for customers who use SMS texts for two-factor authentication,
the third party took advantage of a flaw in Coinbase’s SMS Account Recovery
process in order to receive an SMS two-factor authentication token and gain
access to your account,” explained Coinbase.

In addition to reimbursing the funds, Coinbase will provide a free credit
monitoring service to affected customers. It also suggests that users switch
to a 2FA mechanism other than SMS, and rotate the password of their
Coinbase account as well as that of the associated email address.