Coinbase hackers exploit multi-factor flaw to steal from 6,000 customers

Bleeping Computer reports that hackers were able to steal cryptocurrency from approximately 6,000 Coinbase customers by exploiting a multi-factor authentication flaw. According to the cryptocurrency exchange, its security team noticed a large-scale phishing attack on its users in April and May 2021. The malicious emails may have allowed hackers to obtain the usernames and passwords of some users. Worse, even users who had multi-factor authentication turned on were compromised because of a flaw within the exchange's systems.

Coinbase sent affected customers a notification [PDF] stating that the bad actors exploited a vulnerability in the SMS Account Recovery process. This allowed hackers to obtain the two-factor token, which was supposed to be sent by text message to the account owner's phone number.

Coinbase recommends two-factor authentication based on a security key or an authenticator app. To protect against SIM-swap and phone-porting fraud, it recommends using SMS authentication only as a last resort. Coinbase had also sent a notification to 125,000 users in August telling them that their two-factor settings had been changed; however, the exchange stated at the time that the notification had been sent accidentally and was not the result of hacking.

Coinbase informed customers that it fixed its SMS account recovery protocols as soon as it became aware of the problem. It will also reimburse anyone who lost cryptocurrency due to the incident. The hack exposed the names, addresses, and other sensitive information of those who were affected.