Hackers rob thousands of Coinbase customers using MFA flaw
2021-10-01 14:32

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature.

In a notification sent to affected customers this week, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.

To conduct the attack, Coinbase says, the attackers needed to know the email address, password, and phone number associated with the customer's Coinbase account, and needed access to the victim's email account.

Coinbase states that a vulnerability in its SMS account recovery process allowed the hackers to obtain the SMS two-factor authentication token needed to access a secured account.

"Even with the information described above, additional authentication is required in order to access your Coinbase account," explained a Coinbase notification to customers seen by BleepingComputer.

"We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed - we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today," promised Coinbase.


News URL

https://www.bleepingcomputer.com/news/security/hackers-rob-thousands-of-coinbase-customers-using-mfa-flaw/