Coinbase Customers’ Accounts Swindled by Hackers Using Bug in SMS Account Recovery Process
Hackers evaded Coinbase’s multi-factor authentication (MFA) feature in a concerted effort earlier this year, and the cryptocurrency exchange has allegedly faced another security incident since then. According to a report from Bleeping Computer, the hackers stole bitcoin from 6,000 accounts, but the monetary value of the theft was not revealed.
The theft, according to reports, took place between March and May, and Coinbase allegedly informed impacted clients a few days before. To gain control of trading accounts, the attackers needed to know the email addresses, passwords, and phone numbers of the targeted individuals.
How this data was obtained is unknown, but phishing schemes that target cryptocurrency exchange users are not unusual. Coinbase, for its part, identified a shortcoming in its account recovery procedure that the hackers abused to gain control of the accounts: “In this mishap, for clients who are using SMS messages for two-factor verification, the third party exploited a shortcoming in Coinbase’s SMS Account Recovery process with an aim of receiving a SMS two-factor validation token and gain control of your account,” the company stated.
Several cryptocurrency exchanges, including Coinbase, which is acknowledged to be one of the biggest in the world, have come under fire for providing bad customer support. Notably, users whose accounts were allegedly hacked and emptied of money were not able to contact customer service representatives, resulting in hundreds of complaints against the business.
Coinbase’s initial public offering (IPO) valued the business at $86 billion when it went public in April, but the company has struggled to expand its customer care division to meet demand. In August, the business announced the launch of a new customer service line for customers who think their trading account has been hacked.