{"id":347078,"date":"2021-10-01T19:30:00","date_gmt":"2021-10-01T16:30:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/hackers-exploit-mfa-flaw-to-steal-from-6000-coinbase-customers-report\/"},"modified":"2021-10-01T19:30:00","modified_gmt":"2021-10-01T16:30:00","slug":"hackers-exploit-mfa-flaw-to-steal-from-6000-coinbase-customers-report","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hackers-exploit-mfa-flaw-to-steal-from-6000-coinbase-customers-report\/","title":{"rendered":"# Hackers exploit MFA flaw to steal from 6,000 Coinbase customers \u2014 report"},"content":{"rendered":"

# Hackers exploit MFA flaw to steal from 6,000 Coinbase customers \u2014 report <\/strong>”
\n<\/p>\n

Cryptocurrency exchange Coinbase has reportedly suffered another security breach after attackers were able to bypass the company\u2019s multi-factor authentication, or MFA, feature in a coordinated campaign earlier this year.\u00a0<\/p>\n

The attackers stole cryptocurrency from 6,000 accounts, though the monetary value of the theft wasn\u2019t disclosed, according<\/a> to a report from Bleeping Computer. Earlier this week, Coinbase reportedly notified affected customers that the theft occurred between March and May of this year. <\/p>\n

To gain access to the accounts, the attackers must have known the affected users\u2019 email address, password and phone number. It\u2019s not clear how the attackers obtained this information, though phishing scams targeting exchange users are not uncommon. However, Coinbase did identify a vulnerability in the account recovery process that the attackers exploited to gain access to the accounts:<\/p>\n

\u201c […] in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase\u2019s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.\u201d<\/p><\/blockquote>\n

Coinbase, which operates one of the largest crypto exchanges in the world, has received scathing criticism for its poor customer service. As Cointelegraph reported, customers whose accounts were reportedly hacked and drained of funds were unable to access support staff, leading to thousands of complaints against the company. <\/p>\n

Related: <\/em><\/strong>SEC was the only regulator unwilling to meet with Coinbase: Brian Armstrong<\/em><\/strong><\/p>\n

Coinbase\u2019s IPO debuted<\/a> at $86 billion in April, but the company has been unable to scale its customer service department adequately. In August, the company announced a new support line for customers who believe their account has been compromised. <\/p>\n