However, Coinbase states a vulnerability existed in their SMS account recovery process, allowing the hackers to gain the SMS two-factor authentication token needed to access a secured account. In Coinbase's guide on securing accounts, they recommend enabling multi-factor (MFA) authentication utilizing security keys, Time-based One Time Passwords (TOTP) with an authenticator app, or as a last resort, SMS text messages. MalwareHunterTeam JanuMFA bug allowed access to accountsĮven if a hacker has access to a Coinbase customer's credentials and email account, they are normally prevented from logging into an account if a customer has multi-factor authentication enabled. Additionally, banking trojans traditionally used to steal online bank accounts are also known to steal Coinbase accounts.įresh, less than 2 hours ago registered phishing: Another (different than the previous) live one, /ie5jzRMcj2 While it is unknown how the threat actors gained access to this information, Coinbase believes it was through phishing campaigns targeting Coinbase customers to steal account credentials, which have become common. To conduct the attack, Coinbase says the attackers needed to know the customer's email address, password, and phone number associated with their Coinbase account and have access to the victim's email account. In a notification sent to affected customers this week, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency. Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature.Ĭoinbase is the world's second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries.
0 kommentar(er)
