6,000 Coinbase accounts impacted by suspected social engineering attack
A flaw in the SMS 2FA mechanism is also partly to blame
By Jimmy Pezzone
Bottom line: Coinbase has notified approximately 6,000 customers regarding unauthorized access to their cryptocurrency exchange accounts. While Coinbase has found no evidence that the information was obtained directly from their networks, the exchange has already begun reimbursing affected customers for the full value lost. Coinbase suspects the breach was the result of a social engineering attack designed to obtain user and login information.
Coinbase is currently one of the largest and most accessible trading platforms available to cryptocurrency enthusiasts. Unfortunately, this makes the exchange a high-profile target for bad actors with malicious intent.
Hackers are suspected of using social engineering tactics to obtain user information and then exploiting a Short Message Service (SMS) vulnerability to bypass Coinbase's multi-factor authentication. The hack resulted in unauthorized access to, and the removal of funds from, 6,000 user accounts.
Coinbase believes hackers obtained customer email addresses, passwords, and phone numbers via a phishing scheme designed to collect key user information. The hackers then used the stolen information to exploit Coinbase's account recovery process by requesting and obtaining the SMS two-factor authentication token required to access the compromised customers' accounts. Once in, the hackers transferred the customers' funds to unknown destinations.
Users were alerted about the breach, which occurred sometime between March and May 20th of this year, and were provided with information regarding how the breach occurred, what actions were being taken, and how to properly secure their accounts. Per Coinbase, reimbursement distributions have already started and will be provided for all impacted customers. They have also advised customers on ways to enhance their security using more secure multi-factor authentication tools, such as hardware-based security keys or authentication apps.
Phishing is a type of attack designed to mimic communications from reputable companies with the intent to collect personal and account-related information. It falls under the larger umbrella of social engineering attacks; these attacks attempt to use deception and manipulation to influence human behavior in hopes of obtaining sensitive personal or account information.
The breach is not the first incident for Coinbase. In 2019, the exchange was forced to alert more than 3,400 users to an incident where registration info was stored in plain text logs. Around that same time, the exchange reportedly thwarted a highly sophisticated attack that utilized compromised academic email addresses. This year, the exchange erroneously sent 125,000 emails to users informing them that their two-factor authentication settings had been changed.