Leading cryptocurrency exchange in the US, Coinbase has been the subject of several security breaches this year. In the latest breach, about 6000 users of the crypto exchange appear to have lost funds following the exploit, Coinbase reported in a letter sent to the affected parties.
In the letter, Coinbase stated that the hackers had used phishing links to access the accounts of the users affected. With the phishing links reportedly sent to the email addresses of the users in question, the hackers evaded the SMS authentication feature used to protect the accounts of Coinbase users.
Although reports of the exploit had filtered in since August, more details were shared by Coinbase explaining how the exploit had occurred.
After gaining access to the exploited accounts, the hackers drained the crypto assets. The widely-used security feature Two-factor authentication (2FA) was not enough to protect the compromised accounts because a section of it had broken down, Coinbase explained.
For those who had used SMS texts as their two-factor authentication, the black hat hacker(s) leveraged the inefficiency in Coinbase’s SMS Recovery process to retrieve the code sent after which they accessed the affected accounts.
However, Coinbase has pledged to refund users who lost their crypto assets to the exploit. Coinbase did not reveal the amount the hackers made away with but announced that the refund process had already begun.
In addition, Coinbase argued that the attack is not a hack per se since only the bad actors only targeted the accounts of a select few by sending suspicious links to their emails. Coinbase asserted that its internal systems did not suffer any breach contrary to rife speculations.
Speaking on why it had delayed in acknowledging the exploits on its users’ accounts, Coinbase said that it did not want to interfere with the investigations of law enforcement agencies. The incident, according to reports, occurred between March and May. Yet, Coinbase did not warn other users about the hacks in the months that followed.
Coinbase’s spokesperson explained in a statement issued this month.
“Because of the size, scope and sophistication of the campaign we have been working with a range of partners, law enforcement agencies and other stakeholders to understand the attack and develop mitigation techniques. We didn’t feel comfortable disclosing the attack publicly until the correct steps were taken to ensure that it couldn’t be repeated successfully, and would not compromise the integrity of law enforcement investigations,” said the spokesperson.
Meanwhile, the attacks appear to have been random as they occurred on the accounts of users in no particular jurisdiction. In one of its blog posts released earlier this week, Coinbase advised users to opt for more protective measures on their accounts like an external hardware device or an authenticator app.
Another indication that Coinbase security is failing is an incident that occurred back in September in which the exchange mistakenly sent security alerts to users alleging that their accounts had been compromised. Coinbase attributed the incident to an error in its messaging system. At the time, some users had panicked and withdrew their assets from the exchange.
Discover more from DiutoCoinNews
Subscribe to get the latest posts sent to your email.