OODA Loop – MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

At least 6,000 Coinbase customers were robbed after attackers were able to bypass the multi-factor authentication on the cryptocurrency exchange platform. Coinbase suspects phishing allowed the attackers to access personal details, but also blamed a flaw in the multi-factor authentication process. The theft occurred between March and May 20, 2021.

The attackers seized the SMS two-factor authentication tokens and transferred funds to crypto wallets that were not associated with Coinbase. The attackers needed the victims’ email addresses, passwords and phone numbers in addition to access to their personal email inboxes. Coinbase notes that this information was most likely gathered through phishing attacks. Coinbase also warned this week that phishing attacks are on the rise, both in terms of attempts and success rates. Coinbase has updated its SMS account recovery and two factor authentication protocols after the attack.