The largest American cryptocurrency exchange, Coinbase, disclosed the details of an incident in which “at least 6,000 customers of the trading platform were victims of theft of funds from their accounts.”
It was caused by a massive phishing attack, during which cybercriminals bypassed the SMS-based two-factor authentication protecting the accounts. Recall that the first news about problems at Coinbase appeared back in August, but the full details of what happened were only recently disclosed.
As a reminder, two-factor authentication is a second layer of protection on top of the account password. In this case, to log in, the user must enter not only the password but also a code sent to them in an SMS message.
A safer option is to use a dedicated application such as Google Authenticator that generates these codes. Its distinguishing feature is that the codes are generated without any Internet connection. Accordingly, for additional security, you can run the authenticator on a separate device that, for example, never leaves the apartment: an ordinary phone carried on the street can be lost or stolen.
Note that these codes are also needed to approve important transactions, for example withdrawing funds from the exchange to external wallets. We recommend enabling two-factor authentication without fail, even if you are not working with large amounts. In any case, this additional code is an important barrier for fraudsters.
How money is stolen from crypto exchanges
Information about the theft of funds appeared in the company’s official letter to its users. It says that the attackers first gained access to their victims’ email accounts and then withdrew their coins. The SMS-based two-factor authentication mechanism did not stop them: a flaw in it was discovered afterwards.
Here is a quote from the letter on this matter, in which representatives of the platform summarize the situation. The quote is from Decrypt.
In this case, customers using two-factor SMS authentication were attacked due to a vulnerability in the process of identifying the owner of the account, which allowed fraudsters to take possession of unique combinations to confirm their login.
Once again, we note that SMS authentication is less reliable than using a dedicated application. SMS messages can be intercepted, and fraudulently reissuing someone else’s SIM card to a stranger is a common practice abroad. So it is better to dedicate a separate smartphone to the codes and keep it at home.
Coinbase representatives said that customers’ financial losses will be reimbursed, and the compensation process has already begun. Unfortunately, the company did not share the exact amount of the losses. It was also noted that the incident was not classified as a hack, since Coinbase’s internal defenses were not compromised: the scammers took advantage of the gullibility of the exchange’s users, who turned out to be the weakest link.
It is still not known exactly why Coinbase did not disclose what happened earlier, since the losses of customer funds occurred between March and May. During all that time the company issued no official warnings and did not heed the large number of complaints from victims. According to the platform’s own representatives, the problem was kept quiet so as not to interfere with the law enforcement investigation.
Here is a quote from an exchange employee.
Due to the size, scale and complexity of the phishing campaign, we worked with a number of partners, law enforcement agencies and other stakeholders to process the incident and create mitigation methods. It was inconvenient for us to disclose information about the attack until the right steps were taken. We wanted to ensure that this could not happen again in the future and would not jeopardize the integrity of the law enforcement investigation.
The exchange now recommends switching to a more secure two-factor authentication method, such as an authenticator app or an external hardware device. And we remind you: to avoid the fate of the phishing victims, use strong passwords, different passwords for your email and exchange accounts, and a reliable application for two-factor authentication.
We believe this situation should serve as a lesson for all cryptocurrency users. You can lose money even when it is held on an exchange. Therefore it is necessary to use every available security measure, and to do so without fail. It is also very important to think about your passwords, as many people reuse the same combination across different sites, services and platforms.