- Coinbase users have spotted a flaw in business business newspapers
- The newspapers showed missed connection attempts as a failed 2FA codes
- The bug was apparently used in social engineering, but there is no evidence
The two-factor authentication error (2FA) on Coinbase, one of the largest cryptocurrency trading platforms in the world, was finally fixed.
At the beginning of April, Coinbase customers began to notice that the business newspapers of their account showed “2 -step verification” entries. This suggests that someone tried to connect using valid identification information but was only arrested after having entered the poor code 2FA.
Coinbase (and some media, including Bleeping Compompute) was quickly informed of messages and launched an investigation. Apparently, the newspaper displayed when someone tried to connect using bad identification information, but listed it by mistake as a “2 -step verification failed”. In some cases, the newspaper would also display the message “Second_Factor_Failure”, which essentially meant the same thing.
Second increase
The platform has since tackled the problem and updated the newspaper so that it displays a message “attempted password failed” instead.
Although it may seem trivial, Bleeping Compompute Said the repair of errors like this is “essential”, do not cause unnecessary panic. Apparently, some users have stretched their hand to say that they reset their passwords and “spent hours” trying to determine whether their accounts have been hacked or not.
In addition, the publication argues that bad labels could be mistreated in social engineering attacks, the crooks convincing the victims that their accounts have been compromised and encourage them to make bad decisions.
Being one of the largest cryptocurrency trading platforms, Coinbase is often the target of different scams. Crypto is a home for cybercriminals, because it still works mainly in the gray area and since the funds, once transferred, are impossible to recover. In addition, some tokens, such as Monero, grant their users high levels of anonymity and confidentiality, which makes it almost impossible to determine the identity of crooks and cybercriminals.
Via Bleeping Compompute
