Hackers Pinch Crypto from Coinbase User Wallets

Roughly six thousand Coinbase users had crypto stolen and moved out of their account, after threat actors abused a multi-factor authentication glitch.

The crypto trading platform issued a formal statement regarding the incident and informed all affected customers through a letter detailing the incident. The letter was further filed with the California Attorney General, as the incident comprises a criminal act.

The Coinbase platform uses a number of different multi-factor authentication approaches, with the one recommended by the platform being a dedicated app that handles temporary passwords sent directly to the user. However, in this recent attack, the hackers abused what Coinbase calls a "flaw" with the way SMS multi-factor authentication is implemented.

The victims of the theft had funds moved out of their digital wallets and transferred to new locations and wallets that are no longer associated with Coinbase, making the stolen crypto vanish into thin air.

ThreatPost published a detailed article on the incident and explained that for the bad actors to have pulled off the attack in the first place, they also needed access to bits and pieces of personal information concerning the victims, including details such as their emails, passwords and phone numbers.

The crypto exchange platform stated that the way this extra information about the victims was obtained has nothing to do with a hole in Coinbase's security. The most likely way the hackers got their hands on this information is through targeted phishing campaigns.

Coinbase itself noted an observable rise in phishing attempts that spoof legitimate Coinbase messages. Those phishing campaigns have been on the rise through the better part of 2021 so far and have shown great sophistication, when it comes to both their believability and their ability to get around automated security measures and filters.

By Zaib
October 4, 2021
Computer Security
English
October 4, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Computer Security

Hackers Are Selling 8.3 Million 123RF User Records

Stock imagery website 123RF dot com suffered a cyber attack in mid-November 2020. According to reports, around 8.3 million user records were stolen by bad actors and have now been put up for sale. 123RF is one of the... Read more

November 20, 2020
Phishing, Scam

'Coinbase' Email Scam

The cryptocurrency market has once again attracted the attention of the media and the public, and more and more people are opting to invest in Bitcoin, DOGE, Ripple, and other popular cryptocurrencies. American users... Read more

April 27, 2021
How To

How to Select the Good Crypto/Bitcoin Wallet for Yourself

There's no denying that Bitcoins are a huge hit right now. Everyone and their dog is into cryptocurrency these days. After you initially buy your first bitcoin, you'll figure out that you have to store them somewhere... Read more

May 31, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.