Ad
CryptoSlate on X
Catch the latest in crypto by following us on X. Stay informed on the go.
Join 50k followers
 Ad
News
Renzo’s ezETH token depeg triggers liquidations across DeFi platforms US DOJ seeks 36-month sentence and $50 million fine for ex-Binance CEO Changpeng Zhao Grayscale, BlackRock Ethereum ETF applications updated amid SEC delays Tether commits to freezing addresses linked to sanctions as scrutiny over USDT misuse grows Could Esienberg commodities conviction be smoking gun for Coinbase against SEC?
Coinbase reports 6,000 crypto account hacks after SMS flaw Coinbase reports 6,000 crypto account hacks after SMS flaw Shaurya Malwa · 3 years ago · 2 min read
🚨 This article is 3 years old...
NewsHacks

Coinbase reports 6,000 crypto account hacks after SMS flaw

Hackers used an unusual vulnerability to steal crypto from user accounts at the American crypto exchange.

Shaurya Malwa
Oct. 4, 2021 at 11:00 am UTC
2 min read
Updated: Oct. 4, 2021 at 11:11 am UTC
Coinbase reports 6,000 crypto account hacks after SMS flaw

Photo by Sora Shimazaki from Pexels

Over 6,000 Coinbase users saw their drained last week as hackers exploited an authentication bug to bypass the company’s SMS security feature, tech publication Bleeping Computer reported.

Coinbase said it would reimburse the stolen amounts to make up for damages and did not report further security breaches as of press time.

The hackers exploited a vulnerability to bypass the SMS authentication feature put in place by Coinbase to ensure user security. They illicitly gained access to user email addresses, passwords, and associated phone numbers, and used this information to log in.

Hackers may have conducted large-scale phishing campaigns to gain access to such sensitive information—said Coinbase—one that unsuspecting users willingly gave out. 

Banking trojan viruses have, in addition, been known to hit Coinbase users in the past.

Inside the Coinbase hit

As part of its security, hackers with access to a Coinbase customer’s credentials and email account are normally prevented from logging into an account if a customer has multi-factor authentication enabled.

However, Coinbase said a vulnerability existed in their SMS account recovery process, allowing the hackers to gain the SMS two-factor authentication token needed to access a secured account.

“Even with the information described above, additional authentication is required in order to access your Coinbase account,” a notification read.

It added, “In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”

Coinbase patched the bug shortly after it was discovered. Meanwhile, the exchange said it would reimburse the stolen funds directly into the accounts of affected users.

“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today,” a notice sent to users read.

Mentioned in this article
Coinbase
Posted In: , , Exchanges, Hacks
Latest US Stories
US DOJ seeks 36-month sentence and $50 million fine for ex-Binance CEO Changpeng Zhao

US DOJ seeks 36-month sentence and $50 million fine for ex-Binance CEO Changpeng Zhao

Legal 10 hours ago

Zhao argued that he is a first-time offender and has cooperated acting in good faith regarding the matter.

Grayscale, BlackRock Ethereum ETF applications updated amid SEC delays

Grayscale, BlackRock Ethereum ETF applications updated amid SEC delays

ETF 18 hours ago

The SEC is expected to reach a decision on Ethereum ETFs in May.

Jane Street Capital now holds over 5% of Coinbase stock

Jane Street Capital now holds over 5% of Coinbase stock

Investments 19 hours ago

The firm held less than 2% of the crypto exchange's outstanding shares in December 2023.

SEC seeking $5.3 billion in fines from Terraform Labs, Do Kwon

SEC seeking $5.3 billion in fines from Terraform Labs, Do Kwon

Legal 21 hours ago

The agency also seeks conduct-based and "obey-the-law" injunctions.

You might also enjoy...
$8 billion crypto startup Coinbase files draft S1 to SEC in preparation of IPO

$8 billion crypto startup Coinbase files draft S1 to SEC in preparation of IPO

Adoption 3 years ago
‘This isn’t about Ripple’: Crypto community reacts to SEC’s ‘regulation through litigation’ strategy 

‘This isn’t about Ripple’: Crypto community reacts to SEC’s ‘regulation through litigation’ strategy 

Legal 3 years ago
A 1,000 ETH trade via DEX aggregators can now give lower slippage than Coinbase

A 1,000 ETH trade via DEX aggregators can now give lower slippage than Coinbase

DeFi 3 years ago
BTC dumps as Coinbase CEO mentions potential US regulations for crypto wallets

BTC dumps as Coinbase CEO mentions potential US regulations for crypto wallets

Regulation 3 years ago
Latest Alpha Market Report
From 2012 to 2024: Analyzing market conditions before each Bitcoin halving
Available exclusively via

From 2012 to 2024: Analyzing market conditions before each Bitcoin halving

Andjela Radmilac · 5 days ago

As the fourth Bitcoin halving approaches, an in-depth look at past events offers insights into potential market impacts.

Latest Press Releases
View All

Commitment to Transparency: The author of this article is invested and/or has an interest in one or more assets discussed in this post. CryptoSlate does not endorse any project or asset that may be mentioned or linked to in this article. Please take that into consideration when evaluating the content within this article.

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.

Latest Alpha

In this article

Coinbase

Exchange Company in North America

Coinbase is a digital currency exchange and wallet service that allows individuals to buy, sell, and store digital currencies, such as Bitcoin, Ethereum, and Litecoin.

More about Coinbase
Ad
CryptoSlate on X x.com/cryptoslate
Follow us on X for instant crypto news and insights updates.
Join 50k followers
 Ad