Hackers Allegedly Used Coinbase 2 Factor Authentication (2FA) Bug to Steal Customer Funds

Over 6,000 Accounts Affected in Massive Cryptocurrency Data Breach

The national securities and cryptocurrency law firm Levin Law, P.A. is investigating a major data breach affecting over 6,000 Coinbase customers. Reports indicate that hackers bypassed the cryptocurrency exchange’s two-factor authentication system in order to gain access to the accounts.

If your Coinbase account was hacked and you have suffered cryptocurrency losses, possibly as a result of Coinbase’s security or data failures, or other negligence, contact Levin Law, P.A. for a free case evaluation. Call (305) 402-9050 to discuss your case directly with managing partner Brian Levin or email the firm directly at contact@levinlawpa.com.

2FA Security Flaw Leads to Data Breach

According to reports, in a letter to affected account holders, Coinbase acknowledged that a flaw in their SMS Account Recovery process allowed hackers to “receive an SMS two-factor authentication token.” The two-factor authentication (“2FA”) token was then used to gain access to individual accounts. 

It is believed that the thousands of cryptocurrency accounts were targeted as part of a fraudulent scheme that enabled hackers to obtain unauthorized access to their login credentials, including usernames and passwords.

Substantial Cryptocurrency Losses

The security failure ultimately resulted in the cryptocurrency funds of over 6,000 accounts being moved from the Coinbase platform. The data breach occurred between March and May of this year. 

It is suspected that the initial third-party campaign involved a phishing attack or “other social engineering techniques” that tricked account holders into providing their login information to hackers.

Personal Information Disclosure

While the complete scope of the hack is unknown, it is believed that the parties involved likely had access to account holders’ personal information, including their name, address, date of birth, IP address, account holdings, and more. Affected customers are strongly encouraged to change their Coinbase passwords as well as their email account passwords.

A Predictable Outcome

This is not the first time that bad actors have targeted digital currency holders. Industry insiders question whether cryptocurrency exchanges should continue the use of SMS-based verification such as the two-factor authentication process or multi-factor authentication, which have been susceptible to hacking. 

The information obtained from this unauthorized access of a cryptocurrency holder’s account not only allows the third party to remove funds but also gives them unlimited access to identifying information on the customer’s account. 

Suffered Losses in the Cryptocurrency Data Breach? Contact Levin Law Today.

If you have suffered cryptocurrency losses as a result of a data breach such as the one affecting Coinbase customers, contact Levin Law, P.A. for a free case evaluation. Call (305) 402-9050 or email contact@levinlawpa.com to speak directly with Levin Law founder and managing partner Brian Levin. 

Most cases are handled on a contingency fee basis, meaning that clients are not obligated to pay Levin Law’s attorney fees unless money is recovered on their behalf. Attorney Brian Levin proudly represents clients nationwide who have been affected by cryptocurrency hacking and security breaches resulting from a company’s negligence.

About Levin Law

Levin Law is a premier national securities, cryptocurrency, and class action law firm.  Brian Levin, Levin Law’s managing attorney, has obtained settlements and recoveries of over $150,000,000 in assets through arbitration and litigation for individual and institutional investors throughout the country and the rest of the world. Levin Law represents cryptocurrency investors, retirees, individual investors, high-net-worth investors, ultra-high-net-worth investors, institutions, family offices, trusts, publicly held companies, and others.