As cryptocurrencies become more widely recognized and used, attacks, fraud and theft in this area are also increasing. A recent example is pNetwork: $12 million worth of Bitcoin was stolen from the hacked site.
Now Coinbase, one of the world’s leading cryptocurrency exchanges, is in a similar situation. The site was not hacked, but users’ accounts were reportedly compromised due to a vulnerability in the SMS account recovery method. As a result, all crypto assets of at least 6,000 people disappeared. Coinbase published a statement on the subject.
A vulnerability in the SMS account recovery system was exploited:
In its statement, Coinbase said that for third-party applications to access your account, they needed to know the email address, password, and phone number associated with your Coinbase account. The platform stated that it did not know how this information was accessed, and said that such information is generally obtained through phishing.
This means that users hand their information over to people without knowing they are malicious. Coinbase went on to say that there is no evidence this information was obtained from Coinbase itself, and pointed to a vulnerability in the SMS account recovery system. According to Coinbase, the third-party application used this vulnerability to receive the two-step verification notification sent via SMS, and gained access to accounts in this way.
After accessing an account, all that remained for the attackers was to transfer the crypto assets to different accounts.
Victims will be credited with the value of their cryptocurrency at the time of the incident:
Later in the statement, Coinbase said that it has reworked the SMS system so that it cannot be bypassed. It also said that the accounts of the 6,000 people affected by the incident will be refunded according to the value of the cryptocurrencies at the time of the incident, and that this will take no more than 1 day.
Coinbase also stated that, apart from stealing crypto assets, the attackers were able to see people’s e-mail addresses, home addresses, dates of birth, names and IP addresses. The platform concluded its statement by noting that this information may have been changed. The legal process concerning the incident, which took place between March and May 20, is still ongoing.