

On October 1st, Coinbase revealed that 6,000 of their users lost crypto assets after falling for a phishing scheme. The phishing campaign successfully bypassed the SMS-based authentication the company employs to verify user accounts. News of the phishing attack was first reported in August, but the scope of it only became clear after a letter Coinbase sent to affected customers began to circulate recently. According to Coinbase, all users impacted by the attack will be reimbursed.

This phishing attack is the latest in a long line of hacks, phishing attacks, and other cybersecurity breaches that have targeted users of digital asset exchanges – as of July 2021, cryptocurrency crimes this year have amounted to over $681 million, and this number is actually fairly small compared to recent years. The attack reinforces many of the same lessons previous events, such as the Liquid exchange hack and the Poly Network DeFi breach, have taught us. So, what can we learn from this latest crypto crime?

Attackers exploited a flaw in SMS-based 2FA to compromise Coinbase accounts

The Coinbase attackers utilized a phishing method to steal users’ assets. Phishing is defined as a social engineering attack where a criminal sends a fraudulent message to a victim to trick them into revealing sensitive information, or to deploy malicious software onto their system.

Coinbase offers several options for adding security to consumers’ accounts, including a feature called two-factor authentication or 2FA (a method in which a user is granted access to an application only after successfully presenting two or more pieces of evidence to an authentication mechanism). In this particular case, Coinbase says the attackers successfully phished victims’ email credentials, and then used those compromised email accounts to take over related Coinbase accounts and drain users’ cryptocurrency. “The third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to accounts,” Coinbase explains in their letter to customers. While SMS-based 2FA is easier for many users, it is less secure because motivated attackers are able to intercept 2FA codes.

An important reminder of the dangers of phishing

For asset managers and financial institutions, this should serve as a reminder to always be aware of the possibility of a phishing attack. Any time there is a communication regarding your finances or customer funds, it’s important to be skeptical, and ask yourself if you may be responding to a malicious actor.
