Coinbase reports that at least 6,000 user accounts have been compromised as a result of an exploited authentication bug
Between March and May of this year, third-party actors exploited a flaw in Coinbase's multi-factor authentication (MFA) process, gaining access to at least 6,000 user accounts.
The developments, which were previously detailed in a message sent to affected users, were first reported by BleepingComputer.
After obtaining user account information, the attackers exploited a flaw in Coinbase's MFA system to gain unauthorized access to user accounts and withdraw funds from the exchange. According to the message sent to affected users by the crypto exchange:
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. We have not found any evidence that these third parties obtained this information from Coinbase itself.”
Coinbase has promised to deposit funds into affected accounts in the amount lost during the exploit, as well as to provide victims with free phone support and credit monitoring. The exchange also stated that it will collaborate with law enforcement and conduct internal investigations to identify the perpetrators of the incident.
Coinbase experienced significant growth in user accounts during the first and second quarters of this year, when the hack occurred. According to The Block's Data Dashboard, the number of user accounts increased by 30% between the fourth quarter of 2020 and the first quarter of 2021, and by 21.4 percent between the first and second quarters of this year.
Sign up to Get Your Crypto
Daily Brief
Delivered daily, straight to your inbox.
Comments
Post a Comment