Coinbase became the latest target of cryptocurrency hackers, suffering a data breach that saw data from more than 6,000 customer accounts stolen.
How the hack happened
Hackers attacked Coinbase, one of the biggest crypto exchanges in the U.S., after being able to bypass its multi-factor authentication, initially in place to prevent such a situation. The company disclosed that the theft had already happened between March and May. Allegedly, the perpetrators stole funds from 6,000 accounts, though Coinbase did not disclose the exact amount.
As is standard operating procedure on cryptocurrency exchanges, users on Coinbase are required to set up multi-factor authentication upon opening an account, meaning they have to confirm every login with a unique code from their phone or email. Thus, the hackers needed to have access to this type of information. While it was initially unclear how they obtained such private data, it later became clear that Coinbase’s security team had observed a large-scale phishing campaign that had taken place between April and early May this year. In a phishing attack, a malicious actor obtains the victim’s private data by sending a fake but real-looking email, luring the inconspicuous reader to share their data. Supposedly, users with multi-factor authentication also fell victim to a flaw in Coinbase’s system that could have prevented further damage.
An email the exchange circulated to its customers explained that the attackers had taken advantage of a flaw in the SMS Account Recovery process to receive an SMS two-factor authentication token.
Hacker attacks not a rare sight in crypto
This, of course, was only another attack in a long and continuing list of exploits the cryptocurrency space has become infamous for. It is also a rather minor feat compared to the $600M hack Poly Network suffered this summer, resulting in the largest attack in Defi history. That one also came to an even more remarkable conclusion, as the network managed to work out an agreement with the actor, which resulted in the entire loot being returned to the network.
While crypto has developed somewhat of a bad rap for being the target of hackers and ransomware attackers, it is often the user that is the weakest point malicious actors like to attack. As happened in the Coinbase attack, users often commit rather basic errors when it comes to their account security: they use a too simple password, fall for phishing attacks, or become victims of airdrop scams and other tactics. Although cryptocurrency comes with a lot of freedom, the flip side is that it also comes with a lot of responsibility for the user. Therefore, less experienced investors tend to, rightly, stick to centralised exchanges like Coinbase, as opposed to their even less intuitive decentralised counterparts. In the case at hand, this worked out well for users, who were reimbursed as Coinbase shared on its website:
“Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost.”
However, most are not that lucky. Thus, one should always remember that account security is a duty, not a chore.