Поделиться этой статьей
Coinbase Multi-Factor Authentication Hack Affects at Least 6,000 Customers
A flaw allowed hackers to get customers’ SMS two-factor authentication code and break into their accounts.
Автор Nate DiCamillo
A vulnerability that allowed hackers to bypass Coinbase’s multi-factor authentication SMS option has affected at least 6,000 of the exchange’s customers, according to a notification letter sent to affected customers that the company has filed with the California state attorney general offices.
- Between March and May 20, the hacker or hackers used a flaw in Coinbase’s account recovery process to get the SMS two-factor authentication token to break into customers’ accounts and transfer funds out of them.
- The bad actor or actors also had access to the email address, password and phone number associated with each Coinbase account. Coinbase believes that the hacker stole those credentials through a phishing scheme and noted in its letter to the California AG that it has not found evidence of the hacker getting this information from Coinbase itself.
- “We took immediate action to mitigate the impact of the campaign by working with external partners to remove phishing sites as they were identified, as well as notifying the email providers impacted,” a Coinbase spokesperson said via email. “Unfortunately we believe, although cannot conclusively determine, that some Coinbase customers may have fallen victim to the phishing campaign and turned over their Coinbase credentials and the phone numbers verified in their accounts to attackers.”
- Coinbase said it is compensating customers for the stolen funds, but it’s unclear whether those payments are being made in fiat or crypto.
- The exchange recommended that users switch to a more secure version of multi-factor authentication such as a hardware security key or authentication app.
- This appears to be one of the largest breaches to have affected Coinbase. Other notable breaches included a password glitch in August 2019 that stored 3,500 customer passwords in plain text on an internal server log, although outside parties didn’t take advantage of the vulnerability. In the same month, Coinbase revealed the details of a sophisticated attack that was blocked by Coinbase but that resembled what would normally happen in a nation state-sponsored attack.
STORY CONTINUES BELOW
Не пропустите другую историю.Подпишитесь на рассылку Crypto Daybook Americas сегодня. Просмотреть все рассылки
Больше для вас
Что нужно знать:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
French Banking Giant BPCE to Roll Out Crypto Trading for 2M Retail Clients
The service will allow customers to buy and sell BTC, ETH, SOL, and USDC through a separate digital asset account managed by Hexarq.
What to know:
- French banking group BPCE will start offering crypto trading services to 2 million retail customers through its Banque Populaire and Caisse d’Épargne apps, with plans to expand to 12 million customers by 2026.
- The service will allow customers to buy and sell BTC, ETH, SOL, and USDC through a separate digital asset account managed by Hexarq, with a €2.99 monthly fee and 1.5% transaction commission.
- The move follows similar initiatives by other European banks, such as BBVA, Santander, and Raiffeisen Bank, which have already started offering crypto trading services to their customers.
Top Stories
