At least 6,000 customers of the crypto exchange Coinbase have been robbed by criminal hackers, who exploited a flaw in the exchange's SMS-based two-factor authentication (2FA). The flaw alone was not enough, however: the attackers first needed additional data about their targets.
According to a report by Bleeping Computer, the attackers also had to know the victim's email address, password and phone number, and had to have access to the victim's email account. According to Coinbase, they may have gathered all of this through phishing campaigns. With that data in hand, they exploited a flaw in Coinbase's SMS-based multi-factor authentication. The attacks took place between March and May 20 of this year.
The exact vulnerability has not been disclosed, but it is assumed not to involve SIM swapping. "The third party used an error in the Coinbase SMS account recovery process to receive an SMS two-factor authentication code and access the accounts," the company said in a message to affected users, which Bleeping Computer published online. The vulnerability is believed to have been fixed on May 20.
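Because the actual flaw is undisclosed, there is nothing on this page to reproduce. What can be shown is the set of controls a hardened SMS recovery step needs so that holding a victim's email, password and phone number is not enough on its own. The Python below is an added example written for this page, not Coinbase's code, and it says nothing about what Coinbase's bug was; the service, its method names and the policy values (a five-minute lifetime, five attempts) are assumptions. It binds the code to the account and to the session that requested it, sends it only to the phone number already on file, expires it, limits guesses, compares it in constant time and consumes it on first success.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Illustrative policy values (assumptions for this example, not Coinbase's settings).
CODE_TTL_SECONDS = 300   # a recovery code is valid for five minutes
MAX_ATTEMPTS = 5         # wrong guesses allowed before the challenge is destroyed


@dataclass
class RecoveryChallenge:
    """One outstanding SMS recovery code, bound to the account and the requesting session."""
    account_id: str
    session_id: str
    code: str
    expires_at: float
    attempts: int = 0


class RecoveryService:
    """Hypothetical account-recovery step; the clock and SMS sender are injected so it runs offline."""

    def __init__(self, clock=time.time, send_sms=None):
        self._clock = clock
        self._send_sms = send_sms or (lambda phone, code: None)
        self._challenges = {}  # session_id -> RecoveryChallenge

    def start_recovery(self, account_id: str, phone_on_file: str, session_id: str) -> None:
        # The code is random, not derived from anything the requester controls, and is sent
        # only to the phone number already stored for the account, never to a number the
        # requester supplies.
        code = f"{secrets.randbelow(10**6):06d}"
        self._challenges[session_id] = RecoveryChallenge(
            account_id, session_id, code, self._clock() + CODE_TTL_SECONDS
        )
        self._send_sms(phone_on_file, code)

    def verify(self, session_id: str, account_id: str, submitted_code: str) -> bool:
        challenge = self._challenges.get(session_id)
        if challenge is None:
            return False                      # unknown or already-consumed session
        if challenge.account_id != account_id or self._clock() > challenge.expires_at:
            del self._challenges[session_id]  # wrong account or expired: destroy the challenge
            return False
        challenge.attempts += 1
        if challenge.attempts > MAX_ATTEMPTS:
            del self._challenges[session_id]  # too many guesses: destroy even if this one is right
            return False
        if hmac.compare_digest(challenge.code, submitted_code):
            del self._challenges[session_id]  # single use: consume on success
            return True
        return False


def demo() -> dict:
    """Exercise the flow with a fake clock and a captured SMS channel (constructed data)."""
    sent = []
    now = [1_000.0]
    svc = RecoveryService(clock=lambda: now[0],
                          send_sms=lambda phone, code: sent.append((phone, code)))
    results = {}

    # 1. The code goes to the number on file, whatever the requester claims.
    svc.start_recovery("acct-1", phone_on_file="+15550100", session_id="sess-A")
    results["sms_to_number_on_file"] = sent[-1][0] == "+15550100"
    code_a = sent[-1][1]

    # 2. A valid code cannot be redeemed from a different session.
    results["other_session_rejected"] = not svc.verify("sess-B", "acct-1", code_a)

    # 3. Guesses are counted; after MAX_ATTEMPTS the challenge is dead even for the right code.
    svc.start_recovery("acct-1", "+15550100", "sess-C")
    code_c = sent[-1][1]
    wrong = "000000" if code_c != "000000" else "000001"
    for _ in range(MAX_ATTEMPTS):
        svc.verify("sess-C", "acct-1", wrong)
    results["brute_force_locked_out"] = not svc.verify("sess-C", "acct-1", code_c)

    # 4. Expired codes are rejected.
    svc.start_recovery("acct-1", "+15550100", "sess-D")
    code_d = sent[-1][1]
    now[0] += CODE_TTL_SECONDS + 1
    results["expired_rejected"] = not svc.verify("sess-D", "acct-1", code_d)

    # 5. Correct code, correct session, in time: accepted exactly once.
    svc.start_recovery("acct-1", "+15550100", "sess-E")
    code_e = sent[-1][1]
    results["valid_accepted"] = svc.verify("sess-E", "acct-1", code_e)
    results["replay_rejected"] = not svc.verify("sess-E", "acct-1", code_e)
    return results


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

The design choice worth noting is that every failure path destroys the challenge rather than leaving it open for another try: a recovery code that survives a wrong account, an expiry or a guess limit is a code that can still be harvested. The same controls apply whether the second factor is delivered by SMS or by an authenticator app; SMS simply adds the delivery channel itself as an attack surface.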
Once inside an account, the criminals could of course take the cryptocurrency the victim held on the exchange, but they also had access to the account data: full name, address, date of birth, IP addresses, transaction history and balances.
Coinbase has fixed the SMS MFA vulnerability and compensated affected users: anyone who lost cryptocurrency is reimbursed by the exchange. Coinbase still recommends MFA, but prefers an authenticator app or a physical security key over SMS.