Last August, PolyNetwork, a decentralized finance (DeFi) firm working on interoperability of crypto coins, was hacked and $600 million worth of cryptocurrencies was transferred out. Just days after this event, the Japanese cryptocurrency exchange Liquid reported that it had also been hacked, this time losing $90 million in cryptocurrency.
Now Coinbase, the world's second-largest cryptocurrency exchange, has revealed that a threat actor stole cryptocurrency from 6,000 of its customers. The theft was conducted through a vulnerability that allowed nefarious actors to bypass the company's SMS multi-factor authentication security feature.
In short, the flaw allowed those behind the hack to receive the victims' 2FA tokens.
Coinbase sent a statement to the victims of the heist. The message revealed that the issue took place over at least some weeks. "Unfortunately, between March & May 20, 2021, you were a victim of a third-party campaign to gain unauthorized access to the accounts of Coinbase accounts and move customer funds off the Coinbase platform. At least 6,000 Coinbase accounts had funds removed from their accounts, including you," the statement read.
The firm went on to explain that, for the theft to occur, the hackers required knowledge of the email address, password and phone number associated with the users' Coinbase accounts, as well as access to their personal email inbox.
That is obviously a lot of information.
The firm presumed that the data was acquired through phishing attacks or other social engineering techniques, since there was no evidence whatsoever that these third parties obtained this information from Coinbase itself.
However, as noted, Coinbase specified that the thieves took advantage of a flaw in its SMS Account Recovery process. The firm even explained that it was updating its SMS Account Recovery protocols to thwart any future thefts and that victims of the theft would be reimbursed.
Reality, it seems, plays out a little differently.
Coinbase has been slammed by many customers, who say the company has exhibited terrible customer service after hackers drained their accounts, according to CNBC. Interviews conducted with Coinbase customers and reviews of thousands of complaints ultimately reveal a pattern of account takeovers and, subsequently, poor customer service from Coinbase that left users hanging.
Further, the promises from the company don't change the fact that the actors had full access to an account and, as a result, were also privy to all types of personal information regarding Coinbase customers. Coinbase has nearly 68 million users from over 100 countries.