Security News > 2021 > October > How a phishing attack thwarted MFA to steal money from Coinbase customers
That lesson was hammered home through a recent phishing attack that stole money from Coinbase customers.
The attackers were able to move funds from Coinbase to their own accounts, thus stealing a vast amount of money in the form of cryptocurrency.
Impersonating Coinbase, one of the the phishing messages told the user that someone else may have had access to their account, thus prompting Coinbase to lock it.
After gaining access to the victim's inbox and Coinbase account, the attackers in some cases used that information to impersonate the user, get an SMS-based two-factor authentication code and access the person's Coinbase account.
Though the attack worked by tricking users with a phishing message, Coinbase bears a core level of responsibility.
In its post, Coinbase admitted to a flaw in its SMS account recovery process, a flaw that the attackers were able to exploit to gain access to certain accounts.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)