Thousands of Coinbase Global Inc. (NASDAQ:COIN) users lost their digital assets after blackhat hackers exploited the cryptocurrency exchange’s SMS account recovery process to get into their accounts.
See Also: COINBASE REVIEW
What Happened: According to a Bleeping Computer Friday report, attackers were able to bypass Coinbase’s multifactor authentication system for the second time this year. The attackers accessed 6,000 accounts; the value of the assets siphoned out is not known.
Earlier this week, Coinbase purportedly notified the affected customers after the theft occurred between March and May of this year.
To access the accounts, the attackers had to know the users’ email address, password and phone number. So far it is unclear how the criminals were able to obtain this information, but phishing campaigns targeting crypto exchange users are common enough to be a likely option.
Coinbase identified a vulnerability in the account recovery process that was exploited in the hack. The vulnerability — present in the SMS-based two-factor authentication system — allowed the attackers to receive the two-authentication token and access the accounts.
COIN Price Action: Coinbase’s stock seemingly is so far unaffected by the reports, with the stock trading 2.4% higher at $232.93 late in Friday’s session.
See Also: COINBASE VS. GEMINI