Attack on Kevin Bass Exchange; 6,000 user accounts have been emptied
The digital currency exchange Coinbase announced that thousands of users’ accounts have been emptied in phishing attacks. According to statistics, just over 6,000 accounts have fallen victim to these attacks.
to the Report The Secret Base Exchange has announced that it will repay the funds of more than 6,000 customers whose accounts have been evacuated. The hack occurred as a result of a phishing operation and via SMS authentication. However, the Kevin Base exchange office stated that the hacker did not infiltrate the company’s servers.
Kevin Base, one of the largest digital currency exchanges, revealed that the funds of about 6,000 users have been “removed” from their accounts. This was the result of a phishing scam in which hackers used SMS-based authentication, which the company used to secure many accounts.
Reports of phishing scams were first reported in August, but details of the report were released when the company sent letters to users affected by the attack.
In the letter, Kevin Bass said the hackers first gained access to the victims ’email accounts and then used them to hack into users’ digital currencies. Although the Quinbase digital currency exchange uses a functional security feature called “two-factor authentication” for this purpose, the part that provided these services in the form of text messages was disrupted. In this case, users received a text message to confirm the transaction. The letter read:
However, in this case, customers who used SMS for two-step authentication, a third party used the defect in the account recovery process via SMSBasin SMS to receive a SMS containing a two-factor authentication password and Access your account.
Kevin Bass also said he was paying the people who lost the phishing attack and has already started the repayment process. The company did not comment on the total amount stolen by the hackers and did not disclose the amount.
Of course, this does not mean that Kevin Bass has been hacked, as the reports show, since the hackers did not infiltrate the company’s internal systems. Instead, the theft occurred because users were tricked into phishing attacks on their personal email account (which is a very common occurrence).
However, it is still unclear why this long period, from March to May, made Kevin Bass accept what happened. While the company described a sophisticated phishing scam in a post earlier this week, no information was released that the hackers had used the attack to successfully steal thousands of customers. Kevin Bass does not appear to have taken any specific action at the time of the attacks, even in the months that followed, to warn his users.
According to a spokesman for Kevin Bass, the company does not want to interfere in the work of law enforcement agencies investigating the incident:
Because of the scale, scope, and complexity of this action, we have worked with a wide range of partners, law enforcement agencies, and other stakeholders to understand the attack and develop harm reduction techniques. We did not feel comfortable disclosing them publicly until we were sure that the necessary measures would be able to prevent a successful recurrence of these attacks and would not jeopardize the integrity of law enforcement investigations.
The attacks appear to be of a global nature, as Kevin Bass wrote in a letter that he provided credit monitoring services in “your country of residence”.
Kevin Bass also urged users to use a more secure two-factor authentication method, such as an external hardware device or an authentication software, for added security.