6,000 Coinbase accounts impacted by suspected social engineering attack

Jimmy2x

Posts: 84   +8
Staff
Bottom line: Coinbase has notified approximately 6,000 customers regarding unauthorized access to their cryptocurrency exchange accounts. While Coinbase has found no evidence that the information was obtained directly from their networks, the exchange has already begun reimbursing affected customers for the full value lost. Coinbase suspects the breach was the result of a social engineering attack designed to obtain user and login information.

Coinbase is currently one of the largest and most accessible trading platforms available to cryptocurrency enthusiasts. Unfortunately, this makes the exchange a high-profile target for bad actors with malicious intent.

Hackers are suspected of using social engineering tactics to obtain user information and exploit a secure messaging service (SMS) vulnerability to bypass Coinbase's multi-factor authentication. The hack resulted in unauthorized access and the removal of funds from 6,000 user accounts.

Coinbase believes hackers obtained customer email addresses, passwords, and phone numbers via a phishing scheme designed to collect key user information. The hackers then used the stolen information to exploit Coinbase's account recovery process by requesting and obtaining the two-factor authentication token required to access the compromised customers' accounts. Once obtained, the hackers accessed the accounts and transferred customers' funds to unknown destinations.

Users were alerted about the breach, which occurred sometime between March and May 20th of this year, and were provided with information regarding how the breach occurred, what actions were being taken, and how to properly secure their accounts. Per Coinbase, reimbursement distributions have already started and will be provided for all impacted customers. They have also advised customers on ways to enhance their security using more secure multi-factor authentication tools, such as hardware-based security keys or authentication apps.

Phishing is a type of attack designed to mimic communications from reputable companies with the intent to collect personal and account-related information. It falls under the larger umbrella of social engineering attacks; these attacks attempt to use deception and manipulation to influence human behavior in hopes of obtaining sensitive personal or account information.

The breach is not the first incident for Coinbase. In 2019, the exchange was forced to alert more than 3,400 users to an incident where registration info was stored in plain text logs. Around that same time, the exchange reportedly thwarted a highly sophisticated attack that utilized compromised academic email addresses. This year, the exchange erroneously sent 125,000 emails to users informing them that their two-factor authentication settings had been changed.


 

brucek

Posts: 1,111   +1,651
Ahahah it's not their fault but they refund the full amount anyway, yeah that's totally believable 🤣
Credit card companies do that all the time. It's just the cost of doing business and it's overall more profitable to serve a wide audience at the cost of eating some losses, than scare most of that audience away while standing on principle that it wasn't technically their fault.

Anyway just saying that it could make sense to do that even if they were 0% responsible. I'm not saying it's necessarily the case they were 0% this particular time....
 

Karlos95

Posts: 247   +165
I held on to my bitcoins for almost 8 years before I sold them all, and I know what a Ponzi scheme is. So how is it a Ponzi scheme? Teach me. I want to learn.
Those who do no research won't learn, so I guarantee, they cannot teach anything.

Crypto has proven it won't be going anywhere soon. The only salty ones are the ones who actually believe the system that they are currently on, isn't rigged.
No awakening those guys.
 

captaincranky

Posts: 18,569   +7,423
What does it say about the intellect of crypto investors, when they fall for a scam that their grandmothers probably wouldn't bite on?
 

scavengerspc

Posts: 2,395   +2,545
TechSpot Elite
Those who do no research won't learn, so I guarantee, they cannot teach anything.

Crypto has proven it won't be going anywhere soon. The only salty ones are the ones who actually believe the system that they are currently on, isn't rigged.
No awakening those guys.
I have hit QP with the same question a dozen times. And I promise his answer this time will be the same as before. He won't answer me at all.
 

merikafyeah

Posts: 333   +318
SMS is likely the most insecure thing still commonly used today. The fact that so many require it as the sole means of 2FA is very annoying.
 

Karlos95

Posts: 247   +165
What does it say about the intellect of crypto investors, when they fall for a scam that their grandmothers probably wouldn't bite on?
And yet the percentage is higher for people over the age of 60 to fall for a computer fix over a phone call scam - doesn't say much for their intellect does it.

I've said it a million times, only those who do not understand their own currency do not believe in crypto. Or, they are in direct competition with it.


I'd say choose your side wisely, but you are long gone. Good luck when GFC hits again. So many will be ruined and bankers/pollies will be bailed out again while retirement holdings will be destroyed again. And you will still say nothing is wrong with the current system 🤣🤣