Coinbase: Hackers exploit a loophole in two-factor authentication to steal 6,000 customers

platform was exposed Coinbase Cryptocurrency exchanges suffered another security breach after hackers managed to bypass the company's multi-factor authentication, or MFA, in a coordinated campaign earlier this year.

The attackers stole cryptocurrency from 6,000 accounts, although the monetary value of the theft was not disclosed, according to a report from Bleeping Computer. Earlier this week, it was reported that Coinbase I notified affected customers that the theft occurred between March and May of this year.

To gain access to the accounts, the attackers must know the email address, password, and phone number of the affected users. It is not clear how the attackers obtained this information, although phishing scams targeting exchange users are not uncommon. However, identified Coinbase Account recovery vulnerability exploited by attackers to gain access to accounts:

“In this incident, for customers using SMS for two-factor authentication, the third party took advantage of a flaw in the account recovery process. Coinbase“

received Coinbase The company, which operates one of the largest cryptocurrency exchanges in the world, has been criticized for poor customer service, customers whose accounts have been hacked and funds drained without access to support staff, which has led to thousands of complaints against the company.

To compensate the victims, issued Coinbase The following statement: “We will deposit funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been compensated - we will ensure that all affected customers get the full value of what they lost. You should see this reflected in your account no later than today. ”

To learn more about Coinbase, click here