At least 6000 users of crypto exchange Coinbase have been robbed by criminal hackers. They exploited a vulnerability in the SMS-2fa system. However, the hackers needed even more data from their targets.
According to a report on Bleeping Computer, the attackers also needed to know the email address, password, and phone number and actually have access to their targets’ email addresses. According to Coinbase, they probably obtained all that information through phishing campaigns. After they had all that data, they were able to exploit a vulnerability in Coinbase’s SMS multi-factor authentication. That happened between March and May 20 of this year.
Exactly what that vulnerability was is not disclosed, but it is presumably not about SIM swapping. “The third party used an error in Coinbase’s SMS account recovery process to receive an SMS token for two-factor authentication and access the accounts,” it said in a message to affected users, which Bleeping Computer said online. put. The vulnerability is believed to have been fixed on May 20.
Once inside, the criminals could of course access the crypto currency they have at the exchange, but also the data in the accounts. This concerns full names, addresses, dates of birth, IP addresses, transaction history and balances.
Coinbase has fixed the vulnerability in mfa via SMS and is compensating affected users; if they lose crypto, they get it back from the exchange. Coinbase recommends using mfa, but prefers a totp or physical security key.