The cryptocurrency exchange Coinbase suffered another security breach after attackers were able to bypass the company’s multi-factor authentication (MFA) feature in an integrated campaign earlier this year.
The attackers stole cryptocurrency from 6,000 accounts, although the financial value of the theft was not disclosed, according to a report by Bleeping Computer. Earlier this week, Coinbase informed affected customers that the theft occurred between March and May this year.
To gain access to the accounts, the attackers needed to know the email addresses, passwords and phone numbers of the affected users. It is not clear how the attackers obtained this information, although phishing scams targeting exchange users are not uncommon. However, Coinbase identified a weakness in its account recovery process that the attackers used to gain access to the accounts:
“[…] In this case, for customers who use SMS text for two-factor authentication, third parties have taken advantage of Coinbase’s SMS account recovery process errors to get an SMS two-factor authentication token and gain access to your account.”
Coinbase, which operates one of the world’s largest crypto exchanges, has received strong criticism for its poor customer service. As Cointelegraph reported, customers whose accounts were hacked and drained of funds were unable to reach support staff, leading to thousands of complaints against the company.
Coinbase’s IPO debuted at $86 billion in April, but the company was unable to scale its customer service segment adequately. In August, the company announced a new support line for customers who believe their accounts have been compromised.