Hackers bypass Coinbase 2FA to steal customer funds
Image: Jeremy Bezanger
Catalin Cimpanu October 1, 2021

Hackers bypass Coinbase 2FA to steal customer funds

Hackers bypass Coinbase 2FA to steal customer funds

  • Hackers used Coinbase bug to bypass SMS-based 2FA and gain access to user accounts.
  • More than 6,000 users had funds stolen from their Coinbase wallets between March and May 2021.
  • Coinbase said it would reimburse all affected users.

More than 6,000 Coinbase users had funds stolen from their accounts after hackers used a vulnerability in Coinbase’s SMS-based two-factor authentication system to breach accounts.

The intrusions took place earlier this year, between March and May, the exchange said in a data breach notification letter it has filed with US state attorney general offices.

“The third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,” Coinbase said.

“As soon as Coinbase learned of this issue, we updated our SMS Account Recovery protocols to prevent any further bypassing of that authentication process,” it added.

Coinbase said the attacks could exploit this bug only if they knew the victim’s username and password.

“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.

“We have not found any evidence that these third parties obtained this information from Coinbase itself,” the company said.

Coinbase said it would reimburse all users who lost funds in these intrusions.

“Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today,” the company promised.

Coinbase is today’s second-largest cryptocurrency exchange in the world, according to CoinMarketCap, behind Binance.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.