Cryptocurrency exchange (CEX) Coinbase has been hacked, and 6,000 users ended up losing their funds. In the incident, hackers gained illegitimate access to customer accounts at the NASDAQ-listed exchange. The vulnerability the hackers exploited to gain access to Coinbase customer accounts was in the SMS Account Recovery process.
Coinbase, the second-largest CEX, states that hackers must first know a customer's email address, password, and phone number for the attack to succeed. Access to the customer's email account is also required.
Coinbase believes the hackers' access to sensitive customer information could have come from the recent “phishing campaigns targeting Coinbase customers.” The other probable source could be banking trojans, per Coinbase.
According to Coinbase, customers using SMS texts for two-factor authentication (2FA) fell prey to the hackers. The SMS Account Recovery protocols have now been changed for good. Coinbase's official announcement on the issue is as follows:
“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today.”
An internal investigation is underway, and Coinbase is working with law enforcement to trace the culprits.
However, Coinbase still maintains the following:
“We have not found any evidence that these third parties obtained [user] information from Coinbase itself.”
In a separate development, the acclaimed CEX is discussing a regulatory framework with U.S. lawmakers and members of Congress. Brian Armstrong, CEO and co-founder of Coinbase, tweeted suggesting the option of “sensible / thoughtful regulation.”
Notably, Coinbase works under the compliance oversight of the following:
- Financial Crimes Enforcement Network (FinCEN)
- The Securities & Exchange Commission (SEC)
- The Commodity Futures Trading Commission (CFTC)
- The Internal Revenue Service (IRS)
- The Treasury
- The Office of Foreign Assets Control (OFAC)