Coinbase has suffered an authentication hack which ended up affecting up to 6,000 customers, according to a breach-notification letter the crypto exchange sent to affected customers. This hack may be one of the largest hacks to have been suffered by Coinbase.
The hack was due to a flaw in Coinbase’s multi-factor authentication system which the hacker(s) explored to gain access into the customers’ accounts. This is according to the notification letter Coinbase sent to affected customers.
The hack took place between March and May 20 2021.
How Coinbase believes the hack was carried out
Coinbase has a process for its customers to recover accounts. This involves the customer initiating an SMS-based two-factor authentication. It comes in the form of a token. Once the customer successfully completes this recovery process using his or her Coinbase-associated phone number, the customer is able to regain access to his or her account. He or she is then able to transfer funds or complete other things.
To be able to use the recovery process to access customers’ accounts, the hacker(s) must have had access to the email address, password, and phone number associated with each of the up to 6,000 affected Coinbase accounts.
The hacker(s) successfully transferred customers’ funds to crypto wallets not associated with Coinbase.
According to Coinbase, the hacker(s) may have stolen the affected customers’ personal information by deceptively getting unsuspecting customers to disclose their credentials through a phishing1 scheme. In effect, Coinbase believes that the hack was a consequence of its customers falling for a phishing campaign.
Concerning the funds affected customers lost to the hacker(s), Coinbase has promised to compensate them. The stolen funds may have been paid back to the affected users already by paying crypto into customers’ accounts after the customers securely recovered their accounts. According to a Coinbase spokesperson, “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost”. Illustrated here are 6 ways hackers carry out phishing to access crypto accounts (using Coinbase as a case study).
Coinbase strongly recommends a more secure version of multi-factor authentication to customers
Meanwhile, Coinbase has advised all its users to switch to a more secure version of multi-factor authentication such as a hardware security key or authentication app. This is opposed to using 2-factor authentication.
The data breach has been filed by Coinbase at the California state attorney offices. In the report, Coinbase pointed out that it has not found evidence showing that the hacker(s) got the affected customers’ personal information from Coinbase itself.
Notably, Coinbase has suffered two data breaches over the last 2 years. The first data breach involved a password glitch in August 2019 when the passwords of up to 3,500 customers were stored in plain text on an internal server log. The second one was a sophisticated attack in the same period which was resisted by Coinbase. No funds were lost in both cases.
What could this scoop mean for the crypto asset buyer?
If the hacking above is due to Phishing as Coinbase believes it is and has reported accordingly, it is not expected that the news will have any impact on the crypto market or the crypto industry generally. Phishing is one of those unavoidable evils of digital life that can only be minimized through comprehensive cybersecurity measures, both on the part of the service provider and service user. This is why crypto asset users muat take their cybersecurity (more) seriously. Using an authentication system that helps you to keep your crypto wallet safe and secure is one of the ways to do so. While a 2-factor authentication is more secure compared to a single-factor authentication, it is not a bad idea to consider a multi-factor authentication as Coinbase has also recommended in its letter. A multi-factor authentication requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Multifactor authentication is most secure because it combines two or more independent credentials: what you know, such as a password; what you have, such as a security token; and who you are, by using biometric verification methods. Set it up now, not tomorrow! But apart from setting up a more secure authentication system, you must imbibe a safer and more secure digital life, especially in the crypto space.
- Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually performed through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim's machine. Phishing is a common type of cyber attack that everyone should learn about in order to protect themselves. (Credit: Cisco)