More than 6,000 Coinbase users saw their accounts drained last week as hackers exploited an authentication bug to bypass the company’s SMS security feature, technical publication BleepingComputer reported.
Coinbase said it will reimburse the stolen amounts and had not reported further security breaches at press time.
Hackers exploited a vulnerability to bypass the SMS authentication feature that Coinbase put in place to ensure user security. They illegally obtained access to users’ email addresses, passwords, and associated phone numbers, and used this information to log in.
Coinbase said hackers may have conducted large-scale phishing campaigns to obtain this sensitive information, which unsuspecting users willingly provided.
Additionally, banking Trojans have been known to infect Coinbase users in the past.
Hit Inside Coinbase
As part of Coinbase's security, hackers with access to a client's credentials and email account are usually prevented from logging in if the client has multi-factor authentication enabled.
However, Coinbase said there was a vulnerability in the SMS account recovery process, allowing hackers to obtain the SMS two-factor authentication code needed to access a secure account.
The notice read, “Even with the information described above, additional authentication is required to access your Coinbase account.”
It added, “In this incident, for customers using SMS text messages for two-factor authentication, the third party took advantage of a flaw in the Coinbase SMS account recovery process in order to receive the SMS two-factor authentication code and gain access to your account.”
Coinbase corrected the bug shortly after it was discovered. Meanwhile, the exchange said it will return the stolen funds directly to the accounts of the affected users.
“We will deposit funds into your account equal to the value of the currency that was incorrectly removed from your account at the time of the incident. Some clients have already been compensated – we will ensure all affected clients receive the full value of what they lost. You should see this reflected in your account no later than today,” read a notice sent to users.