How a phishing attack thwarted MFA to steal money from Coinbase customers

Image: Wit Olszewski/Shutterstock

Security experts support telling america to usage multi-factor authentication whenever imaginable to amended unafraid our online accounts and credentials. But what they don't ever accent is that the benignant of MFA you follow makes a quality successful whether oregon not you're genuinely protected. And that acquisition was hammered location done a caller phishing onslaught that stole wealth from Coinbase customers.

SEE: Secure your information with two-factor authentication (free PDF) (TechRepublic)

Coinbase is the world's second-largest cryptocurrency speech service, holding accounts for astir 68 cardinal users from much than 100 countries astir the world.

In a caller blog station and an email to affected customers, the institution revealed that a phishing run observed betwixt April and aboriginal May 2021 gained unauthorized entree to the accounts of astatine slightest 6,000 customers. The attackers were capable to determination funds from Coinbase to their ain accounts, frankincense stealing a immense magnitude of wealth successful the signifier of cryptocurrency.

Impersonating Coinbase, 1 of the the phishing messages told the idiosyncratic that idiosyncratic other whitethorn person had entree to their account, frankincense prompting Coinbase to fastener it. To unlock their account, the idiosyncratic needed to walk a information test. A Coinbase-spoofing phishing leafage past popped up asking the idiosyncratic to motion successful with their login credentials.

After gaining entree to the victim's inbox and Coinbase account, the attackers successful immoderate cases utilized that accusation to impersonate the user, get an SMS-based two-factor authentication codification and entree the person's Coinbase account. From there, it was a elemental substance for the cybercriminal to scoop up the funds from the victim's account.

To hijack a customer's account, the attackers did request to cognize the person's email address, password, and telephone number, arsenic good arsenic summation entree to their email inbox. Coinbase said it recovered nary grounds that the attackers got this accusation from the company. Rather, phishing attacks were the likeliest source.

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

Coinbase added that aft it learned of the attack, the institution started moving with extracurricular information vendors to region the domains and websites utilized successful the phishing campaign. It besides alerted the email work providers astir affected by the attack.

In its email to affected customers, Coinbase said it would deposit funds into their accounts adjacent to the worth of the currency that was stolen. The institution besides acceptable up a dedicated telephone number—1-844-613-1499—that affected customers could telephone with immoderate questions oregon concerns astir the attack. Further, Coinbase said it would connection escaped recognition monitoring to those who were affected.

Though the onslaught worked by tricking users with a phishing message, Coinbase bears a halfway level of responsibility.

"As analyzable arsenic this hack sounds and is, it is adjacent much astounding however lax the information protocols were," said Purandar Das, president and co-founder astatine encryption-based information supplier Sotero. "From letting the hackers run for months, letting them bargain customers' credentials, to overriding the MFA, it does not look that a batch was done close from a information perspective." 

To motion into their Coinbase accounts, customers are prompted to acceptable up a circumstantial method of two-factor authentication. The choices see an SMS substance message, an authenticator app oregon a carnal information key. But those who opted for SMS made the incorrect choice. In its post, Coinbase admitted to a flaw successful its SMS relationship betterment process, a flaw that the attackers were capable to exploit to summation entree to definite accounts.

Among the assorted flavors of MFA oregon 2FA, SMS-based authentication is considered the least unafraid and the easiest to thwart. For that reason, Coinbase is present urging radical to follow 1 of the different methods,

"Many radical take to usage SMS 2FA, due to the fact that it's linked to a telephone number, alternatively than to 1 peculiar instrumentality and is mostly the easiest to acceptable up and to use," Coinbase said. "Unfortunately, that aforesaid level of convenience besides makes it easier for persistent attackers to intercept your 2FA codes. We powerfully promote everyone that presently uses SMS arsenic a secondary authentication method to upgrade to stronger methods similar Google Authenticator oregon a information key everyplace it is supported."

Beyond switching to a stronger method of authentication, each Coinbase users are urged to alteration their passwords if they haven't already done so.

Also see

• How to acceptable up two-factor authentication for your favourite platforms and services (free PDF) (TechRepublic)
• How to get users connected committee with two-factor authentication (TechRepublic)
• How to acceptable up two-factor authentication for your Google account (TechRepublic)
• How to alteration two-factor authentication for your Apple ID (TechRepublic)
• How to acceptable up two-factor authentication connected your Microsoft account (TechRepublic)
• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• Social engineering: A cheat expanse for concern professionals (free PDF) (TechRepublic)
• Security consciousness and grooming policy (TechRepublic Premium)
• Windows 10 security: A usher for concern leaders (TechRepublic Premium)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)