Coinbase reports at least 6,000 user accounts compromised through exploited authentication bug

Third-party actors exploited a bug in the multi-factor authentication (MFA) process at crypto exchange Coinbase, gaining access to at least 6,000 user accounts between March and May of this year.

BleepingComputer first reported the developments, which were outlined in a message previously issued to affected users.

The attackers obtained user account information, then used a flaw in Coinbase’s MFA system to gain unauthorized access to user accounts and moved funds off the exchange. As the crypto exchange told its affected users in the message:

“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. We have not found any evidence that these third parties obtained this information from Coinbase itself.”

Coinbase pledged to deposit funds into affected accounts equal to the amount lost during the exploit, as well as to provide free phone support and credit monitoring for victims. The exchange also stated that it will work with law enforcement and launch internal investigations to find the culprits responsible for the incident. 

Coinbase saw sizable growth in user accounts during Q1 and Q2 of this year, when the hack occurred. Per The Block’s Data Dashboard, the number of user accounts grew 30% between Q4 of 2020 and Q1 of 2021, and 21.4% between Q1 and Q2 of this year.