To steal bitcoins from 6,000 consumers, hackers exploited a flaw in the bitcoin exchange’s SMS recovery system.
Coinbase, a major bitcoin and cryptocurrency exchange based in the United States, said today that a hacker was able to circumvent the company’s SMS multi-factor authentication process and steal assets from 6,000 users, according to Bleeping Computer.
Between March and May 20, 2021, Coinbase customers’ accounts were compromised in a hacking attempt that included spam messages and malware exploit on the company’s security protocols.
The exchange, which is situated in the United States and has over 68 million users from more than 100 countries, reportedly stated that hackers required to know the user’s email address, password, and phone number, as well as have access to their email accounts, in order to launch the attack. It is unknown how the hackers obtained access to those data.
“In this event, a third party exploited a weakness in Coinbase’s SMS Account Recovery process to get an SMS two-factor authentication token and gain access to your account,” Coinbase informed users via electronic notifications.
Apart from stealing money, the hackers disclosed users’ personal information, including “their complete name, email address, home address, date of birth, IP addresses associated with account activity, transaction history, account holdings, and balances,” according to the study.
Security should be a top priority for all online services, but particularly for financial ones. Businesses that handle customer funds, whether in USD or cryptocurrency, should avoid offering SMS as a recovery method at all, as it is the most readily misused. Additionally, users should avoid using SMS for account recovery or multi-factor authentication when they do.
Authentication software and physical hardware such as YubiKeys are more secure choices for protecting your account. Additionally, you may and should secure your accounts with strong passwords and a password manager such as Bitwarden.
Users can, however, reclaim their sovereignty by opting out of centralized services entirely. Bitcoin exchanges such as Coinbase act as a single point of failure, effectively providing a breeding ground for data vulnerabilities, regardless of the security measures they claim to follow. Centralized custodians and providers are frequently taken advantage of; decentralized alternatives exist and should be utilized. Consider your options carefully before disclosing personal information to a third party.
Also Read: TikTok Enters The World Of NFTs
Wallets