Coinbase has disclosed that a phishing hack enabled by an MFA security flaw has resulted in 6000 of its users getting their accounts drained.
The Cryptoverse has been nothing but good for most investors with strong HODL hands since 2020, thanks to a remarkable uptick in mass adoption. However, with rising crypto prices come rising security risks. The consistent loss of funds by crypto users through hacks, scams and exploits on exchanges and wallets seems to grow more pronounced the higher Bitcoin and company climb up the charts. From the smallest exchange to the largest platforms and DeFi protocols, user accounts are susceptible to hacks.
The associated Pandora’s Box of dangers that come with keeping your assets on centralized exchanges, even the most reputable of them, was once again underlined in August 2020, when well-regulated and leading U.S. exchange Coinbase made a startling announcement in the beginning of October that 6000 of its users were impacted by a security breach starting in May this year.
The U.S. exchange was left with further egg on its face after its users slammed Coinbase’s terrible customer service in the aftermath of the hack, and with the growing adoption and ease of use of decentralized finance, or DeFi, (which has its own security risks), many users have begun to ponder whether it’s not safer to move their funds off exchanges and on to safer options like hardware wallets, where they can enjoy total control over their crypto assets.
(If you are a Coinbase user who has been affected by this issue, you should follow these measures.)

How Did the Coinbase Phishing Hack Happen?

Coinbase has nearly 70 million users in more than 100 countries and, as one of the oldest and wealthiest exchanges, is considered to be as secure as an exchange can be. Despite this, according to a data breach notification filed with the Attorney General in California State, hackers got away with the funds in 6000 accounts after using a clever phishing campaign to bypass multi-factor authentication (MFA) measures. The criminals exploited a mistake in the platform’s account recovery process to take control of the two-factor authentication (2FA) messages between March and May this year.

Coinbase users began to report hacks on their accounts, which resulted in the loss of almost all the funds in those accounts. The incidents, which came as a shock to many, were not immediately rectified, as they affected a cross-section of users for about three months this spring. Coinbase is the largest exchange in the US and boasts top-notch security, leading many to wonder how this could have happened over two months. Coinbase released a statement that about 6000 accounts were compromised by hackers through phishing. The attackers collected the user data through external sources and not directly via the exchange, but Coinbase has stated that it was also complicit on its part.
According to Coinbase, the attackers gained access to the exchange by collecting user data such as phone numbers, emails, usernames, and other information through email sources.
This information alone isn’t enough to gain access to user accounts and is only a first step, but Coinbase has admitted that its 2FA system was also compromised. The flaw in Coinbase’s 2FA gave the attackers unlimited access to the account, which led to the transfer of the user’s crypto assets.

“We have not found any evidence that these third parties obtained this information from Coinbase itself.”

Coinbase has built a powerful brand around security and user experience over the years, and it was no surprise that users believed the statement that the initial breach was not from Coinbase but came through phishing attacks and a flawed two-factor authentication system, the SMS Account Recovery Process. According to the Coinbase team, in its response to the incident, not only were user funds transferred to other wallets, but some user personal information was also changed, such as account email, phone numbers, and password.