- 6 October 2021
- Posted by: btcbros12
- Categories: Bitcoin, Cryptocurrency, Ethereum, Services
Recently Coinbase announced that there had been a large-scale phishing attack on the platform between the months of March and May. This attack gave the hackers access to over 6000 accounts, and their funds were stolen.
The platform, in its blog post, mentioned how the attack could’ve taken place. First, the attackers used email IDs to look like Coinbase’s customer service. Then, they sent emails and messages of several kinds to the users. One of them was that the user’s account had been locked.
Post this; the hackers provided a link to them, where account holders could ‘recover’ their account. In this fake link, the attackers obtained all the users’ login details to gain access to their accounts. This way, they stole their funds.
What’s still not understood is how the hackers identify these email addresses of the Coinbase users. According to the company, “there was no evidence to suggest the information was obtained from [inside] the company.”
They also acknowledged that “the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”
The company also said, “We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost.”
Coinbase is known for its industry-standard security, and the company stated that the attackers did not breach the platform’s broad security measures.
While Coinbase has fixed this flaw and has started reimbursing all the users, the platform’s security still remains a concern. Coinbase is one of world’s biggest exchanges. This indicates that if a breach can happen with Coinbase, there’s a good chance it can happen with others as well.
In fact, numerous other crypto-based businesses have been affected by cyber attacks in recent times. For example, Liquid, a Japanese cryptocurrency exchange, was hit by an attack leading to a theft of $97 million from users’ digital wallets. However, this figure wasn’t determined by Liquid but by a blockchain analysis company called Elliptic.
A majority of the funds stolen were of Bitcoin and Ethereum. This incident took place in August.
With such attacks plaguing exchanges and other businesses, security concerns are likely to surface amongst crypto users once again. In general, cybercrimes and attacks are evolving, and it seems like the platforms are finding it challenging to keep their systems and users’ funds safe.
What remains to be seen is how the platform and the industry, in general, further secures its systems and what measures they take to do so.