Coinbase, the world’s second largest cryptocurrency website, said that 6,000 investors had their assets stolen. The hackers needed to know the email, password and phone number of the users.
Coinbase, a cryptocurrency exchange based in San Francisco, California, suffered the worst hack in history, in which the assets of 6,000 investors were stolen.
A representative of the company confirmed this week that the security of the platform has been compromised by hackers who exploited a vulnerability identified in the platform’s multifactor SMS authentication process.
Note Coinbase via a report That to carry out the attack, hackers need to know the email, password, and phone number associated with Coinbase accounts as well as access to their partners’ personal emails.
It may interest you: Hackers steal $600 million in cryptocurrency, the largest embezzlement in the world
In the letter sent to his clients, he explained that between March and May 20, 2021, those responsible for the scam conducted a hacking campaign to breach Coinbase customers’ accounts and steal cryptocurrency.
He added that the scammers gained access to each user’s personal data through well-planned phishing campaigns.
– MalwareHunterTeam (@malwrhunterteam) January 29 2021
“While we cannot definitively determine how these third parties gained access to this information, this type of campaign generally includes phishing attacks or other social engineering techniques to trick a victim into unintentionally revealing their session login credentials” in the summary.
Coinbase has acknowledged a vulnerability in the recovery process for its SMS account, which allowed it to obtain the two-factor authentication code for SMS required to access a secure account.
After identifying the theft, he said he had worked to improve the recovery protocols for the SMS accounts and stated that he had started depositing the stolen amounts into the accounts of the affected users.
Coinbase has approximately 68 million users located in more than 100 countries and is the second largest cryptocurrency exchange in the world.
During 2021, cases of hacking and fraud related to cryptocurrency have intensified. According to cryptohead.io, a website that specializes in crypto assets, the scam amounted to $3,000 million.
One of the latest scams is that of Poly Network, the blockchain-based decentralized financial platform, which last August suffered a massive attack from hackers who breached $600 million.
Considered the world’s largest DeFi scam.
“We regret to announce that PolyNetwork has been attacked in BinanceChain, Ethereum and 0xPolygon,” Poly Network said via its Twitter account where it also announced that it had taken legal action against those involved.
The attack was registered from Ethereum, for $264.8 million in tokens; Binance Chain account of $250.8 million; And one by Polygon is about $85 million.