We brought you last August news of what is called the biggest robbery to date. PolyNetwork, a decentralized financing company (DeFi) working on cryptocurrency interoperability, was hacked and $ 600 million worth of cryptocurrencies were transferred. Just days after this event, the Japanese cryptocurrency exchange Liquid is also hacked, the company said, this time losing $ 90 million in cryptocurrency.
Now, the cryptocurrency exchange Coinbase, the world’s second-largest cryptocurrency exchange, has revealed that a threat player has stolen 6,000 cryptocurrencies from its customers. The theft was committed with the help of a vulnerability that allows malicious participants to bypass the company’s multi-factor SMS authentication feature.
In short, the drawback allowed those behind the hack to receive victims’ 2FA tokens through text.
Coinbase sent declaration addressed to the victims of the robbery. The report reveals that the problem has been going on for at least a few weeks. “Unfortunately, between March and May 20, 2021, you were the victim of a third-party campaign to gain unauthorized access to Coinbase customer accounts and relocate customer funds from the Coinbase platform. At least 6,000 Coinbase customers have removed funds from their accounts, including you, “the statement said.
The company went on to explain that in order for theft to occur, hackers needed to know the email address, password and phone number associated with Coinbase users’ accounts, as well as access to their personal mailbox.
This is obviously a lot of information.
The company suggests that this data was obtained through phishing attacks or other social engineering techniques, as there is no evidence that these third parties received this information from Coinbase itself.
However, as noted, Coinbase clarified that the thieves did take advantage of a flaw in the process of recovering their SMS account. The company also explained that it was updating its SMS account recovery protocols to thwart any future thefts and that the victims of the theft would be recovered.
Reality seems to play a little differently.
Coinbase has been hit by many customers who say the company has shown terrible customer service after hackers drained their accounts. according to CNBC. Interviews with Coinbase customers and reviews of thousands of complaints eventually revealed a pattern of account takeovers and subsequent poor customer service from Coinbase that left users hanging.
In addition, the company’s promises do not change the fact that the actors had full access to the account and as a result were aware of any personal information about Coinbase customers. Coinbase has approximately 68 million users from over 100 countries.