Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Coinbase 2FA error fixed after many believed their account was hacked

Coinbase United States BleepingComputer Crypto
Coinbase Visa.
  • Coinbase users spotted a flaw in their Account Activity logs
  • The logs were showing failed login attempts as failed 2FA codes
  • The bug was apparently used in social engineering, but there is no evidence

The two-factor authentication (2FA) error on Coinbase, one of the biggest cryptocurrency trading platforms in the world, was finally fixed.

In early April, Coinbase customers started noticing that their Account Activity logs showed “2-step verification failed” entries. These would suggest that someone tried to log in using valid credentials but was only stopped after entering the wrong 2FA code.

Coinbase (and a few media, including BleepingComputer) was soon notified about the messages, and launched an investigation. Apparently, the log was showing when someone tried to log in using the wrong credentials, but erroneously listed it as “2-step verification failed”. In some instances, the log would also show the “second_factor_failure” message, which basically meant the same thing.

Second increase

The platform has since addressed the issue and updated the log so that it displays a “Password attempt failed” message instead.

Although it might sound trivial, BleepingComputer says fixing errors like this is “essential”, not to cause unnecessary panic. Apparently, some users reached out to say that they were resetting their passwords and “spent hours” trying to figure out if their accounts were hacked or not.

Furthermore, the publication argues that wrong labels could be abused in social engineering attacks, with crooks convincing victims that their accounts were compromised and tricking them into making wrong decisions.

Being one of the largest cryptocurrency trading platforms out there, Coinbase is often the target of different scams. Crypto is a hotbed for cybercriminals, since it still mostly operates in the grey zone and since funds, once transferred, are impossible to retrieve. Furthermore some tokens, such as Monero, grant their users high levels of anonymity and privacy, making it almost impossible to determine the identity of scammers and cybercriminals.

Via BleepingComputer

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Blake Lively Revives the Peplum Trend With $2,895 Louboutin Heels and a Sequin Chanel Bag
She chose an all-leather look to revive the style.
Marie Claire
Marie Claire
TikTok famous Okay Baby’s mom releases statement after toddler’s heartbreaking death
Preston Ordone died last week in a car crash
The Independent UK
The Independent UK
Sharon Osbourne remembers first thoughts when she laid eyes on Ozzy: “What the f*ck?!”
Sharon Osbourne first saw her husband at a Black Sabbath show when she was 18 – and it was unlike anything she’d experienced before
Metal Hammer
Metal Hammer
So those anti-piracy ads 'stole' a font? The hypocrisy is astounding
Piracy is a crime... except when it's a typeface?
Creative Bloq
Creative Bloq
Kendrick Lamar and SZA review – powerhouse duo make their mark in Atlanta
The record-breaking Grand National tour brings together two stylistically opposed stars and continues an internet-breaking feud
The Guardian - US
The Guardian - US
In the $250B influencer industry, being a hater can be the only way to rein in bad behavior
Since 2020, content creator Remi Bader had accumulated millions of TikTok followers by offering her opinions on the fits of popular clothing brands as a plus-size woman.
The Conversation
The Conversation
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play