Coinbase has disclosed an incident in which hackers tricked the exchange’s SMS recovery functionality and stole funds from 6000 Coinbase users.
Coinbase is the biggest crypto exchange, with 68 million users from 100 countries. The exchange was recently in the spotlight for two reasons: the SEC’s threats over its USDC yield program, and users losing funds from their Coinbase accounts to SIM swapping and hijacking, as covered in a CNBC report.
Coinbase recently disclosed the security breach itself, which took place between March and May 20, 2021.
Coinbase explained that the hackers bypassed the SMS account recovery system. To fully recover a customer’s account, however, they needed access to the account’s email, phone number and password.
Even so, the hackers succeeded in accessing the accounts of 6000 Coinbase users.
Coinbase stated clearly that it does not understand how the hackers did it, or how they managed to access the email account, which does not come under the security protocol of Coinbase’s system.
“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,”
Coinbase also explained that the hackers did not only steal the funds of 6000 customers but also exposed the details of those users publicly, “including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances.”
Coinbase claimed that SMS two-factor authentication is not a good option for securing an account. It is much better to protect the account with a strong password, an authenticator app, and physical hardware keys such as YubiKeys.