Privacy Ninja

Hackers Rob Thousands Of Coinbase Customers Using MFA Flaw

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

Coinbase is the world’s second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries.

In a notification sent to affected customers this week, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal their cryptocurrency.

To conduct the attack, Coinbase says the attackers needed to know the customer’s email address, password, and the phone number associated with their Coinbase account, and also needed access to the victim’s email account.

While it is unknown how the threat actors gained access to this information, Coinbase believes it was through phishing campaigns targeting Coinbase customers to steal account credentials, which have become common. Additionally, banking trojans traditionally used to steal online banking credentials are also known to steal Coinbase account credentials.

MFA bug allowed access to accounts

Even if a hacker has access to a Coinbase customer’s credentials and email account, they are normally prevented from logging into an account if a customer has multi-factor authentication enabled.

In Coinbase’s guide on securing accounts, they recommend enabling multi-factor authentication (MFA) using security keys, Time-based One-Time Passwords (TOTP) with an authenticator app, or, as a last resort, SMS text messages.

However, Coinbase states that a vulnerability existed in their SMS account recovery process, allowing the hackers to obtain the SMS two-factor authentication token needed to access a secured account.

“Even with the information described above, additional authentication is required in order to access your Coinbase account,” explained a Coinbase notification to customers seen by BleepingComputer.

“However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”

Once they learned of the attack, Coinbase states that they fixed the “SMS Account Recovery protocols” to prevent any further bypassing of SMS multi-factor authentication.

As the threat actor had full access to a compromised account, customers’ personal information was also exposed, including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances.

As the Coinbase bug allowed threat actors to access what were believed to be secured accounts, the exchange is depositing funds in affected accounts equal to the stolen amount.

“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today,” promised Coinbase.

It is not clear whether Coinbase will credit hacked customers with the cryptocurrency that was stolen or with fiat currency. If fiat currency, it could lead to a taxable event for victims whose holdings had gained value.

Customers who were affected by this attack can contact Coinbase at (844) 613-1499 to learn more about what is being done.

Coinbase shared the following statement when we requested more information about the attacks. However, they did not provide any further details on the SMS MFA flaw that they fixed.

“Between late April and early May, 2021, the Coinbase security team observed a large-scale phishing campaign that showed particular success in bypassing the spam filters of certain, older email services. We took immediate action to mitigate the impact of the campaign by working with external partners to remove phishing sites as they were identified, as well as notifying the email providers impacted. Unfortunately we believe, although cannot conclusively determine, that some Coinbase customers may have fallen victim to the phishing campaign and turned over their Coinbase credentials and the phone numbers verified in their accounts to attackers. Once the attackers had compromised the user’s email inbox and their Coinbase credentials, in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account. We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost. These large-scale, sophisticated phishing attacks are on the rise, and we strongly recommend anyone that uses online financial services to remain vigilant and take the necessary steps to protect their online identity.” – Coinbase spokesperson.

What Coinbase victims should do

Since the attack required the passwords of both a customer’s Coinbase account and their email account, it is strongly recommended that victims change both passwords immediately.

Coinbase also recommends that users switch to a more secure MFA method, such as a hardware security key or an authenticator app.

Finally, victims should be on the lookout for future targeted phishing emails or SMS texts that attempt to steal credentials using information exposed in the breach.

This is not the first time a bug in Coinbase’s MFA system has caused issues for its customers.

In August, Coinbase accidentally alerted 125,000 customers that their 2FA settings had been changed, causing panic among those receiving the alert.

BleepingComputer has contacted Coinbase with further questions regarding this attack but has not heard back at this time.

Update 10/1/21 11:49 AM EST: Added statement from Coinbase and link to a recent blog about the phishing attacks.
Update 10/1/21 12:26 PM EST: Added phone number for customers impacted by the attacks to find more information.
