Crypto exchange Coinbase has confirmed that it was briefly compromised by the same attackers that targeted Twilio, Cloudflare, DoorDash and more than a hundred other organizations last year.
In a post-mortem of the incident published over the weekend, Coinbase said that the so-called “0ktapus” hackers stole the login credentials of one of its employees in an attempt to remotely gain access to the company’s systems.
0ktapus is a hacking group that targeted more than 130 organizations in 2022 as part of an ongoing effort to steal the credentials of thousands of employees, often by impersonating Okta log-in pages. That figure of 130 organizations is now likely much higher, as a leaked CrowdStrike report seen by TechCrunch claims that the gang is now targeting several tech and video game companies.
In the case of Coinbase, the 0ktapus hackers first sent spoofed SMS text messages to several employees on February 5 advising that they needed to log in urgently using the link provided to receive an important message. One employee followed the phishing link and entered their credentials. In the next phase, the attacker tried to log into Coinbase’s internal systems using the stolen credentials but failed because access was protected with multi-factor authentication.
Some 20 minutes later, the attacker used voice phishing, or “vishing,” to call the employee claiming to be from the Coinbase IT team, and directed the victim to log into their workstation. This allowed the attacker to view employee information, including names, email addresses and phone numbers.
“A threat actor was able to view the dashboard of a small number of internal Coinbase communication tools and access limited employee contact information,” Coinbase spokesperson Jaclyn Sales told TechCrunch. “The threat actor was able to see, through a screen share, certain views of internal dashboards and accessed limited employee contact information.”
However, Coinbase says its security team responded quickly, preventing the threat actor from accessing customer data or funds. “Our security team was able to detect unusual activity quickly and prevent any other access to internal systems or data,” Sales added.
Coinbase said no customer data was accessed. The company’s chief information security officer, Jeff Lunglhofer, said he recommends that users consider switching to hardware security keys, which cannot be phished, for stronger account access, but did not say whether Coinbase uses hardware keys internally.
FAQs
How do hackers get into your Coinbase account?
Keyloggers, remote access trojans (RATs), and cookie-stealing malware can all be used to steal your sign-in credentials and gain unauthorized access to your accounts.
Is Coinbase secure from hackers?
Yes, Coinbase is one of the safest crypto exchanges you can use. It has a wide range of sophisticated technology to protect your user data and your investments from online threats. More on these security features and tools below.
Will Coinbase refund if scammed?
Coinbase Account Protection does not cover reimbursement of funds that you voluntarily sent to a third party in connection with an investment scam or otherwise, or if you mistakenly bought Digital Currency or sent Digital Currency to the wrong addressee.
What is the security incident with Coinbase?
More than 6,000 Coinbase users had funds stolen from their accounts after hackers used a vulnerability in Coinbase's SMS-based two-factor authentication system to breach accounts.
Can someone steal your info from Coinbase?
Never share your recovery phrase with anyone.
If someone finds out your private keys and passwords, they could access your funds. Use a virtual private network (VPN) when accessing your Coinbase Wallet. This will prevent anyone from intercepting your data as you enter your passcode.
Can someone get your bank info from Coinbase?
Secure Communication: All traffic between your device and Coinbase is encrypted to prevent any third-party eavesdropping on your connection. This ensures that your data remains private during transmission.
Will Coinbase pay if hacked?
However, our policy does not cover any losses resulting from unauthorized access to your personal Coinbase or Coinbase Pro account(s) due to a breach or loss of your credentials.
Is Coinbase in trouble?
Coinbase, the largest U.S.-based crypto trading platform, is facing obstacles in the form of hostile regulators (including the SEC, which sued the company), data breaches, disgruntled customers, and technical glitches. Plus, it's facing new competition from fund companies and brokerages.
Is it safe to give my SSN to Coinbase?
We will never sell or rent your personal information to third parties. For more information please check out our Privacy Policy and User Agreement.
With the asset recovery service, verified Coinbase customers can now recover lost funds for certain ERC-20 assets and send them to a self-custodial wallet of their choice.
How do I speak to a human at Coinbase?
Tip 1. If you are trying to reach Coinbase Support, the only Coinbase phone number is 1 (888) 908–7930.
Has Coinbase Wallet ever been hacked?
List of reported incidents involving Coinbase wallets being compromised, hacked, or locked: 1. In 2021, Coinbase suffered a hacking incident that affected 6,000 users, completely draining their accounts. Coinbase has since refunded users and put crypto back into user accounts.
Is Coinbase safe right now?
Its liquidity and wise token allocation make it one of the most durable crypto exchanges. These are some reasons Coinbase is a safe crypto exchange.
How safe is Coinbase from hackers?
Coinbase takes extensive security measures to keep customer accounts and cryptocurrency investments safe. Nonetheless, many customers have faced unauthorized account access. Plus, many users also complain about technical glitches, poor customer support, and service outages.
How do I avoid getting scammed on Coinbase?
Always verify emails from Coinbase.
Coinbase emails will always have the coinbase.com domain name in the sender's address and will never ask for your information.
What happens if someone gets your Coinbase account?
The first step an investor should take upon realizing their account was hacked is to notify Coinbase immediately. From there, the investor may consider hiring an attorney to represent them against Coinbase in an attempt to recoup their losses due to Coinbase's failures.