Hackers Pinch Crypto from Coinbase User Wallets

Roughly six thousand Coinbase users had crypto stolen and moved out of their account, after threat actors abused a multi-factor authentication glitch.

The crypto trading platform issued a formal statement regarding the incident and informed all affected customers through a letter detailing the incident. The letter was further filed with the California Attorney General, as the incident comprises a criminal act.

The Coinbase platform uses a number of different multi-factor authentication approaches, with the one recommended by the platform being a dedicated app that handles temporary passwords sent directly to the user. However, in this recent attack, the hackers abused what Coinbase calls a "flaw" with the way SMS multi-factor authentication is implemented.

The victims of the theft had funds moved out of their digital wallets and transferred to new locations and wallets that are no longer associated with Coinbase, making the stolen crypto vanish into thin air.

ThreatPost published a detailed article on the incident and explained that for the bad actors to have pulled off the attack in the first place, they also needed access to bits and pieces of personal information concerning the victims, including details such as their emails, passwords and phone numbers.

The crypto exchange platform stated that the way this extra information about the victims was obtained has nothing to do with a hole in Coinbase's security. The most likely way the hackers got their hands on this information is through targeted phishing campaigns.

Coinbase itself noted an observable rise in phishing attempts that spoof legitimate Coinbase messages. Those phishing campaigns have been on the rise through the better part of 2021 so far and have shown great sophistication, when it comes to both their believability and their ability to get around automated security measures and filters.

October 4, 2021