Debate over SMS-based 2FA after SIM-swapping victim sues Coinbase

The crypto community is debating whether SMS two-factor authentication (2FA) should be used for account security, following news that a Coinbase customer has sued the cryptocurrency exchange for $96,000.

On March 6, Jared Ferguson filed a lawsuit against Coinbase in the United States District Court for the Northern District of California, claiming he lost "90% of his life savings" after the funds were withdrawn from his account by a thief and Coinbase refused to reimburse him.

Ferguson is said to have fallen victim to a type of identity theft known as "SIM-swapping," in which fraudsters gain control of a phone number by tricking the provider into linking the number to their own SIM card.

This allows them to bypass any SMS 2FA on an account, and in this case allowed them to confirm the withdrawal of $96,000 from Ferguson's Coinbase account.

Ferguson claimed he lost service after his phone was stolen on May 9, and found that the funds had been taken from his Coinbase account after he obtained a new SIM card and restored his service as advised by his service provider, T-Mobile.

T-Mobile was previously sued by a SIM-swapping victim in February 2021, following the theft of approximately $450,000 worth of Bitcoin (BTC).

Coinbase denied responsibility for the theft from Ferguson's account, telling him in an email that he is "responsible for the security of your e-mail, your passwords, your 2FA codes, and your devices."


Members of the crypto community were mostly skeptical that Ferguson's lawsuit would succeed, noting that Coinbase encourages the use of authenticator apps for 2FA rather than SMS, and describes the latter as the "least secure" form of authentication.

Some Reddit users discussing the lawsuit in a post titled "Don't use SMS 2FA" went as far as to say that SMS 2FA should be banned, but noted that it is the only authentication option available for many services, as one user said:

"Unfortunately a lot of the services I use don't offer Authenticator 2FA yet. But I definitely think the SMS approach has proven to be unsafe and should be banned."

Blockchain security firm CertiK warned of the dangers of using SMS 2FA in September 2022, with its security expert Jesse Leclere telling Cointelegraph in an interview that "SMS 2FA is better than nothing, but it is the most vulnerable form of 2FA currently in use."

Leclere said that authenticator apps like Google Authenticator or Duo offer nearly all the convenience of SMS 2FA while removing the risk of SIM-swapping.

Reddit users shared similar advice, but added that an authenticator app on a phone also makes that device a single point of failure, and recommended using separate hardware devices.