
Earlier this month, BleepingComputer reported a massive issue affecting Coinbase customers: failed login attempts with incorrect passwords were mistakenly recorded as two-factor authentication failures in the Account Activity logs.
In other words, if an attacker attempted to access someone’s account with an incorrect password, error messages stating “second_factor_failure” or “2-step verification failed” were displayed.

A genuine record of this kind indicates that the attacker entered the correct username and password, but the login attempt was blocked by 2FA (e.g. after incorrectly entering a one-time code from an authenticator app).
As a result, many Coinbase customers concluded that the exchange itself was compromised because they used unique passwords, found no traces of malware on their devices, and other accounts weren’t affected. Some people even reset all their passwords multiple times and spent hours trying to determine whether their devices had been hacked.
Coinbase representatives explained to BleepingComputer that the Coinbase logging system was incorrectly labeling login attempts with incorrect passwords as “2FA failures,” even though the attackers hadn’t actually reached the 2FA stage.
This week, Coinbase released an update fixing this error, and now failed attempts to log in to an account result in a correct message: “Password attempt failed”.
According to BleepingComputer, this fix is very important since attackers often use social engineering against Coinbase customers to gain access to their accounts and steal cryptocurrency. Furthermore, cybercriminals use mislabeled records in Account Activity logs to make victims think that their credentials were compromised. However, it wasn’t possible to verify such claims.
In the past, Coinbase has repeatedly stated that it will never call or send text messages to its customers asking them to change their passwords or reset two-factor authentication. Such messages should be treated as nothing but a scam.
