Hackers Exploited 2FA Flaw in Coinbase to Steal Customer Funds

Coinbase is a huge crypto exchange platform for buying and selling cryptocurrency, and it also serves virtual wallets as well. But, recently, hackers exploited a 2FA bug in Coinbase, due to which thousands of customers have suffered the outcomes.

Exactly, cryptocurrencies have been stolen from up to 6,000 clients of the platform. And here the most bothersome thing is that the threat actors have exploited Coinbase’s multi-factor authentication through SMS function.

What happened?

Coinbase itself has confirmed that it has been the victim between March and May 20, 2021, of a third-party campaign in which the threat actors have gained illegal access to the accounts of Coinbase customers to steal customer funds from Coinbase.

However, the exact way is not yet cleared that how these third parties gained access to this information. As this type of campaign generally involves phishing attacks or other social engineering methods to fool a victim into unknowingly revealing login credentials to the threat actors.

Data exposed

There is some data that has been exposed in this attack, and here they are mentioned below:-

  • Your full name
  • Email address,
  • Home address
  • Date of birth
  • IP addresses for account activity
  • Transaction history
  • Account holdings
  • Balance

What Coinbase is doing to help you?

Just after the recognition of the attack, Coinbase has immediately updated its SMS Account Recovery protocols, and the main motive of doing this is to prevent any further hack of the authentication process.

Moreover, Coinbase will be transferring funds into the victim’s account that are equal to the value of the currency poorly removed from their account at the time of the attack.

Not only this but Coinbase will provide free credit monitoring to attacked customers who are involved and if it is available in the country of residence.


After detecting the attack, Coinbase has suggested the victims those who currently use SMS-based two-factor authentication to use an even more effective method of securing their Coinbase accounts.

Methods like:-

  • Time-based one-time password (TOTP)
  • Hardware security key

While they have also recommended all its customers to immediately flush the password of their Coinbase account, and apply a new, strong, and unique password which is only used in this account.

Always, keep a check of the personal accounts and free credit reports for any unusual activity, compatible with best methods for the next 12-24 months. 

However, Coinbase has highlighted the danger of these kinds of phishing campaigns and guarantees that they are now operating “with external partners” to ban all residual traces of phishing from the platform.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.