Coinbase has disclosed that a phishing hack caused by an MFA security flaw has resulted in 6000 of its users getting their accounts drained.
The Cryptoverse has been nothing but good for most investors with strong HODL hands since 2020, thanks to a remarkable uptick in mass adoption. However, with rising crypto prices comes rising security risks. The consistent loss of funds by crypto users through hacks, scams and exploits on exchanges and wallets seems to grow more pronounced the higher Bitcoin and company climb up the charts. From the smallest exchange to the largest platforms and DeFi protocols, user accounts are susceptible to hacks.
The Pandora’s box of dangers that comes with keeping your assets on centralized exchanges, even the most reputable of them, was once again underlined in August 2020, when well-regulated and leading U.S. exchange Coinbase made a startling announcement at the beginning of October that 6000 of its users were impacted by a security breach starting in May this year.
The U.S. exchange was left with further egg on its face after its users slammed Coinbase’s terrible customer service in the aftermath of the hack. With the growing adoption and ease of use of decentralized finance, or DeFi (which has its own security risks), many users have begun to ponder whether it’s not safer to move their funds off exchanges and onto options like hardware wallets, where they can enjoy total control over their crypto assets.
(If you are a Coinbase user that’s been affected by this issue, you should follow these measures.)
How Did the Coinbase Phishing Hack Happen?
Coinbase has nearly 70 million users in more than 100 countries and, as one of the oldest and wealthiest exchanges, is considered to be as secure as an exchange can be. Despite this, according to a data breach notification in an Attorney General filing in the State of California, hackers got away with the funds in 6000 accounts after using a clever phishing campaign to bypass multi-factor authentication (MFA) measures. The criminals exploited a mistake in the platform’s account recovery process to take control of the two-factor authentication (2FA) messages between March and May this year.
Coinbase users began to report hacks on their accounts, which resulted in the loss of almost all the funds in those accounts. The incidents, which came as a shock to many, were not immediately rectified, as they affected a cross-section of users for about three months this spring. Coinbase is the largest exchange in the US and boasts top-notch security, leading many to wonder how this may have happened over two months.
Coinbase released a statement that about 6000 accounts were compromised by hackers through phishing. The attackers collected the user data through external sources and not directly via the exchange, but Coinbase has stated that it was also partly responsible.
According to Coinbase, the attackers gained access to the exchange by collecting user data such as phone numbers, emails, usernames, and other information through email sources.
This information alone isn’t enough to gain access to user accounts and is only a first step, but Coinbase has admitted that its 2FA system was also compromised.
The flaw in Coinbase’s 2FA gave the attackers unlimited access to the accounts, which led to the transfer of users’ crypto assets.
“We have not found any evidence that these third parties obtained this information from Coinbase itself.”
Coinbase has built a powerful brand around security and user experience over the years, and it was no surprise that users believed the statement that the initial breach was not from Coinbase but through phishing attacks and a flawed two-factor authentication system, the SMS Account Recovery Process.
According to the Coinbase team, in its response to the incident, not only were user funds transferred to other wallets, but some users’ personal information was also changed, such as their account email, phone numbers, and password.
Coinbase Response and User Complaints
Upon learning about the pattern of attacks, Coinbase immediately upgraded its two-factor authentication system, including its SMS account recovery protocols. On the loss of user assets, Coinbase pledged to replace all funds affected by the hack.
This was the expected response from Coinbase because, when there has been a hack or any similar incident, exchanges normally compensate customers by replacing stolen funds. Most exchanges have an insurance fund, often capped at a large amount, designated for users whose accounts have been compromised.
Coinbase has insurance of $255 million to cover a potential hack. Philip Martin, the exchange’s Vice President of security, confirmed this amount through a statement released earlier.
Some users have already been compensated in full, while others are expected to get theirs shortly.
“We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost.”
While Coinbase claims that the issue has been largely resolved, some users have complained that funds stolen around April by hackers have not been returned to them. The claims of unreturned funds run up to thousands of dollars.
Coinbase reported the incident to law enforcement in order to find the people behind it and provided a dedicated phone support line for issues relating to the incident. It also advised users who rely on SMS-based two-factor authentication to take it a step higher by using a time-based one-time password (TOTP).
Coinbase Hack Hangover Lingers On
While crypto prices are skyrocketing, this year has not been the best in terms of security for most exchanges and DeFi protocols. User accounts and platforms are being hacked, leaving most people unsure about investing in cryptocurrencies.
Users’ complaints about the loss of funds also add to the scrutiny of cryptocurrencies by governments. Centralized exchanges have taken the heat this year from governments around the world.
Binance and Coinbase have been under siege from both regulators and hackers at times this year. Recently, the Chinese clampdown on exchanges as a result of suspected fraud and illegal transactions has led to many China-based users either cashing out or switching to decentralized exchanges. Hopefully, exchanges will find a permanent solution to prevent frequent hacks on their platforms.
Cryptocurrencies are digital assets that will always be susceptible to hacks if their owners don’t take adequate precautions in how they’re safeguarded. However, storing crypto in hardware wallets like the CoolWallet Pro and CoolWallet S (which remain offline and use only encrypted Bluetooth and an EAL6+ secure element to verify and sign transactions) makes it nearly impossible for it to be stolen. A cold storage wallet that is not connected to the Internet provides the best possible protection from cyber attacks.
However, phishing attacks are a threat to every cryptocurrency owner, as proved by market leader Ledger’s 2020 data breaches, which resulted in massive losses for users. Make sure that you apply best practice measures when securing your assets, such as not clicking on suspicious links, visually checking all transaction details and never ever storing your private key or recovery seed in any digital form.
Cold storage hardware like the CoolWallet allows you to keep your most vulnerable information offline at all times, from the moment you generate your recovery seed offline on the device, to recovering assets on a different device if needed.