Cryptocurrency Fraud , Fraud Management & Cybercrime , Multi-factor & Risk-based Authentication

125,000 Coinbase Users Get False Security Alerts

Cryptocurrency Exchange Offering Some Affected Users $100 Worth of Bitcoin
125,000 Coinbase Users Get False Security Alerts
(Photo: Hubert Lamela via Flickr)

Cryptocurrency exchange Coinbase faces potential user trust challenges after a system error led it to send out false automated security alerts to about 125,000 customers late last week indicating their two-factor authentication settings had been changed.

See Also: OnDemand | Password Management: Securing Hybrid Work for the Long Haul

The U.S.-based exchange, which confirmed the system error via Twitter on Aug. 28, said it was not due to a malicious cyberattack or third-party error. "Our teams immediately recognized the problem and worked as quickly as possible to ensure these erroneous notifications were stopped and the underlying issue fixed."

In a statement provided to Information Security Media Group, a Coinbase spokesperson said the erroneous notifications were sent via email and text messages between 1:45 p.m. and 3:07 p.m. PST on Aug. 27.

The notifications reportedly sparked fears that accounts had been compromised because two-factor authentication settings can only be reset by customers.

The alert also reportedly caused some panic selling, with one retiree offloading more than $60,000 worth of cryptocurrency assets, according to CNBC.

Addressing the system error this week, Coinbase said via Reddit that it is "crediting a small number of users who were adversely affected by this incident with $100USD worth of BTC."

In its statement provided to ISMG, Coinbase says, "We are not disclosing the amounts credited to impacted customers and remain laser focused on gaining back the trust of every one of our customers who was impacted by those notifications."

If every affected user received $100 worth of cryptocurrency, however, it would cost the exchange $12.5 million.

On the same Twitter thread announcing the error, several users replied with complaints about the exchange's customer service.

Ongoing Trust Issues

The incident could create user trust issues for Coinbase, says Roger Grimes, data-driven defense evangelist for the security firm KnowBe4.

"Anyone who accidentally sold their cryptocurrencies should be able to repurchase them fairly quickly without too much valuation damage," he says. "But this is more about a sense of ongoing trust. … I assume [Coinbase is] putting in strong controls to prevent [this] from ever happening again. Then, the long-term reputational damage should be minimal."

Solana Blockchain Incident

In other cryptocurrency exchange news, the Bitrue exchange announced Tuesday that it detected a flaw on the Solana blockchain, which it says hackers used to attack the exchange and several others, including Binance, on Aug. 26.

Bitrue said it identified and thwarted the attack, which attempted to merge a Solana Program Library sub-wallet, or SPL, with the exchange's main Solana, or SOL, wallet, "to fool the exchange into thinking that a deposit of SPL tokens had been completed," Bitrue said in a statement.

The exchange says hackers completed several withdrawals - totaling $11,683 worth of tokens - in about 20 minutes, before the actions were identified and blocked by ceasing activities for SPL tokens.

"[After] a spike in raydium selloffs was noticed … [our security and technical] teams coordinated to work out what was happening, ban the hacker and prevent further losses," says Adam O'Neill, chief marketing officer for Bitrue.

A spokesperson for Solana says "this was not a zero-day bug, nor using any exploit in code running on the Solana Protocol."

On Friday, Solana tweeted: "We're aware of some exchanges encountering some issues with deposits and withdrawals of Solana related assets due to the recent network upgrade and are working closely with exchanges to resolve this. We expect this to be resolved shortly."

Bitrue re-enabled SPL transactions Wednesday after it determined it was "confident the exploit [had] been patched in the latest Solana update," O'Neill adds.

In a post to its site Tuesday, Binance said it temporarily halted deposits and withdrawals when the vulnerability was detected.

Julio Barragan, director of cryptocurrency intelligence at the blockchain security firm CipherTrace, says: "The exploit allowed the hacker to essentially double spend tokens due to a flaw in the way Solana wallets are set up. The hacker seemed to have targeted several exchanges with this exploit and some of the funds appear to have moved to Tornado Cash, a decentralized mixing service."

Bitrue's O'Neill notes: "Potentially, [this] allowed the attacker to generate infinite amounts of fake raydium. An infinite monetary supply being dumped on the exchange could have sent the price … to zero and the extent of damage to Bitrue would have been measured in the millions of dollars."

Bitrue states in a blog post: "We would like to remind our colleagues at other exchanges to investigate this exploit thoroughly to ensure that they did not lose any funds, and to remain vigilant against future attacks."

And in its separate statement, Bitrue's CSO, Robert Chang, says, "This event has justified our belief that heavy investment in proactive safety measures is a necessary goal for any major player in our industry."

Binance did not immediately respond to a request for additional information.


About the Author

Dan Gunderman

Dan Gunderman

News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covers governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.