Unknown hackers have attacked about six thousand user accounts of the Coinbase crypto exchange. They exploited the vulnerability to bypass two-factor authentication using SMS.
Related: Jake Cherwinski announces resignation from Compound Labs
This week, the exchange sent affected customers letters informing them that cybercriminals hacked accounts and stole crypto from March to May 20, 2021.To carry out the hack, attackers needed the customer's e-address, password, and phone number, linked to the Coinbase account.
The trading platform claimed responsibility for the hack, promising to compensate users for the loss. Coinbase says some of the customers have already been reimbursed.As mentioned in the notification, released by the company, the info about the user wasn't enough.
To access funds, hackers took advantage of a vulnerability in the platform's SMS Account Recovery. They managed to get an SMS two-factor authentication token and access to users' accounts. After the attack was revealed, Coinbase fixed the "SMS Account Recovery protocols" to disallow any possibility of further attacks.