MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.

The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange’s multi-factor authentication (MFA).

According to a notification letter (PDF) Coinbase sent to affected customers and filed with the California state Attorney General’s office, the theft happened between March and May 20, 2021.

The attacker(s) used a flaw in Coinbase’s account recovery process to seize the SMS two-factor authentication tokens needed to break into customers’ accounts and transfer funds to crypto wallets unassociated with Coinbase.

In order to pull it off, the culprits first needed access to victims’ email addresses, passwords, phone numbers and personal email inboxes. Coinbase doesn’t know exactly how the third parties gained access to all that, but the exchange doesn’t think it’s to blame: “We have not found any evidence that these third parties obtained this information from Coinbase itself,” according to the exchange’s breach notification.

Coinbase noted that such information is often gleaned through phishing attacks or other social engineering techniques that trick victims into disclosing their login credentials.

Coinbase Phishing

Read More: