- Coinbase users noticed a defect in their account activity logs
- The logs showed failed login attempts as failed 2FA codes
- The error was apparently used in social engineering, but there is no evidence of this.
The two-factor authentication (2FA) error at Coinbase, one of the largest cryptocurrency trading platforms in the world, has finally been fixed.
In early April, Coinbase clients began to notice that their account activity logs showed “2-step verification” entries. This would suggest that someone tried to log in using valid credentials and was stopped only after entering an incorrect 2FA code.
Coinbase (and some media outlets, including BleepingComputer) was soon notified about the messages and launched an investigation. Apparently, the entry was shown when someone tried to log in using incorrect credentials, but it was mistakenly labeled as “2-step verification.” In some cases, the log would also show the message “Second_factor_failure”, which basically meant the same.
Second increase
Since then, the platform has addressed the problem and updated the log to show a “failed password attempt” message instead.
Although it sounds trivial, BleepingComputer says that fixing errors like this is “essential” to avoid causing unnecessary panic. Apparently, some users got in touch to say that they were resetting their passwords and “spent hours” trying to find out whether their accounts had been hacked.
In addition, the publication argues that incorrect labels could be abused in social engineering attacks, with criminals convincing victims that their accounts were compromised and tricking them into making wrong decisions.
As one of the largest cryptocurrency trading platforms in existence, Coinbase is often the target of various scams. Crypto is a breeding ground for cybercriminals, since it still operates mainly in a gray area and since funds, once transferred, are impossible to recover. In addition, some tokens, such as Monero, give their users high levels of anonymity and privacy, which makes it almost impossible to determine the identity of scammers and cybercriminals.
Via BleepingComputer