Coinbase suspects that phishing gave attackers the personal details needed to access wallets, but it also blames a flaw in its SMS-based 2FA.
The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange’s multi-factor authentication (MFA).
The attacker(s) used a flaw in Coinbase’s account recovery process to seize the SMS two-factor authentication tokens needed to break into customers’ accounts and transfer funds to crypto wallets unassociated with Coinbase.
In order to pull it off, the culprits first needed access to victims’ email addresses, passwords, phone numbers and personal email inboxes. Coinbase doesn’t know exactly how the third parties gained access to all that, but the exchange doesn’t think it’s to blame: “We have not found any evidence that these third parties obtained this information from Coinbase itself,” according to the exchange’s breach notification.
Coinbase noted that such information is often gleaned through phishing attacks or other social engineering techniques that trick victims into disclosing their login credentials.