COINBASE HACKING INCIDENT: ANALYSIS AND IMPLICATIONS FOR EXCHANGE SECURITY

INTRODUCTION
The Coinbase hacking incident refers to a series of phishing attacks that targeted the cryptocurrency exchange's users, resulting in significant financial losses.
HOW THE HACK OCCURRED
The hackers exploited a flaw in Coinbase's account recovery process, allowing them to bypass SMS-based multi-factor authentication (MFA).
They obtained personal information such as email addresses, passwords, and phone numbers from a third-party source, not Coinbase itself. The attackers then used this information to gain access to user accounts and steal funds.
HOW THE SCAMS WORK & WHY COINBASE IS STRUGGLING TO RESPOND
In the detailed breakdown, ZachXBT and a fellow researcher analyzed withdrawal data and user reports, revealing a pattern of sophisticated scams exploiting Coinbase’s security shortcomings.
One noteworthy case involved a victim who lost approximately $850,000, which was traced to a single consolidation address linked to over 25 other victims.
Another high-profile theft saw a Coinbase user lose 110 cbBTC, which is Coinbase’s wrapped Bitcoin on its Base network, worth $11.5 million.
ZachXBT’s investigation reveals that scammers employ a mix of advanced tactics and psychological manipulation to gain access to user accounts.
Attackers often initiate contact via phone calls, leveraging data from breached databases to appear legitimate.
They pose as Coinbase representatives, warning users that their accounts have been compromised and requiring immediate action.
Victims are then directed to fraudulent websites that perfectly mimic Coinbase’s interface, where they are prompted to enter their login credentials or approve transactions, unknowingly transferring funds to scam addresses.
1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted.
This is the result of aggressive risk models and Coinbase’s failure to stop its users losing $300M+ per year to social engineering scams. pic.twitter.com/PjtX7vmjqc
— ZachXBT (@zachxbt) February 3, 2025
CALLS FOR URGENT SECURITY REFORMS
As frustration mounts, experts and users alike are calling for urgent security reforms within Coinbase.
ZachXBT outlined several measures the exchange should take to protect its users.
One measure is to enhance account security by making phone numbers optional for advanced users who prefer authenticator apps or security keys.
Protections for elderly and beginner users should be introduced, with account types that restrict high-risk withdrawals for less-experienced traders.
Coinbase was also urged to improve community outreach by increasing security awareness through blog posts, real-time incident response, and proactive scam detection.
Beyond internal security measures, experts emphasize the importance of legal action against cybercriminals.
Efforts should be made to hold US-based threat actors accountable while targeting services like TLOxp and TransUnion, which provide data exploited in these scams.
While Coinbase has taken steps to improve its platform, such as offering stablecoin on/off ramps (https://university.mitosis.org/stablecoin/) and engaging in legal battles against the SEC, these initiatives do little to address the rising tide of social engineering attacks.
PHISHING ATTACK TACTICS
The phishing attacks were sophisticated and multi-layered, involving:
- Spoofed Emails: Hackers sent emails purporting to come from Coinbase, prompting users to log in due to an "urgent matter" such as a locked account or transaction confirmation.
- Fake Websites: Users were directed to fraudulent websites that mimicked Coinbase's interface, where they were asked to enter login credentials and MFA codes.
- Social Engineering: Attackers used psychological manipulation to trick users into divulging sensitive information or transferring funds to scam wallets.
IMPLICATIONS FOR EXCHANGE SECURITY
The Coinbase hacking incident highlights several security concerns:
- SMS-based MFA is insecure: The incident demonstrates the vulnerabilities of SMS-based MFA, which is susceptible to SIM swap attacks and phishing campaigns. Exchanges should consider alternative MFA methods, such as private keys (https://university.mitosis.org/private-key/) or time-based one-time passwords (TOTP).
- Phishing attacks are evolving: The attacks on Coinbase show that phishing campaigns are becoming more sophisticated, using advanced tactics to bypass security measures.
- Importance of password security: Users should use strong, unique passwords and enable 2FA to protect their accounts.
- Regular security audits and monitoring: Exchanges should regularly monitor their systems for suspicious activity and perform security audits to identify vulnerabilities.
COINBASE ACKNOWLEDGED A MULTI-FACTOR AUTHENTICATION FLAW, REIMBURSED THE STOLEN CRYPTO
Coinbase acknowledged a multi-factor authentication flaw that allowed hackers to receive the SMS-based two-factor authentication token required to recover user accounts.
“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,” Coinbase admitted.
The company assured users that it had since fixed the “SMS Account Recovery protocols to prevent any further bypassing of that authentication process.”
Additionally, Coinbase promised to reimburse the “full value” of cryptocurrency stolen in the Coinbase hack. Some of the affected customers had reportedly received their cryptocurrency back.
CONCLUSION
The Coinbase hacking incident serves as a reminder of the importance of robust security measures in protecting user accounts and funds. Exchanges should prioritize user security, implement effective countermeasures, and educate users on best practices to prevent similar incidents in the future.
REFERENCE LINKS
https://university.mitosis.org/private-key/