Coinbase fixes 2FA bug that made customers panic


Date: 30/04/2025

Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised.

Earlier this month, BleepingComputer reported a massive issue affecting Coinbase customers: failed login attempts with incorrect passwords were mistakenly recorded as two-factor authentication failures in the Account Activity logs.

In other words, if an attacker attempted to access someone’s account with an incorrect password, error messages stating “second_factor_failure” or “2-step verification failed” were displayed.

Records like these normally mean that the attacker entered the correct username and password, and that the login attempt was then blocked by 2FA (e.g. after an incorrect one-time code from an authenticator app was entered).

As a result, many Coinbase customers concluded that the exchange itself was compromised because they used unique passwords, found no traces of malware on their devices, and other accounts weren’t affected. Some people even reset all their passwords multiple times and spent hours trying to determine whether their devices had been hacked.

Coinbase representatives explained to BleepingComputer that the Coinbase logging system was incorrectly labeling login attempts with incorrect passwords as “2FA failures,” even though the attackers hadn’t actually reached the 2FA stage.

This week, Coinbase released an update fixing this error, and failed attempts to log in to an account now produce the correct message: “Password attempt failed”.
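The distinction the fix restores can be shown with a staged login check that records the stage that actually failed. This is an added sketch, not Coinbase's code: the account data, the `login` and `totp` functions and the `login_success` label are assumptions, and only the two failure labels come from the messages quoted above.

```python
import hashlib, hmac, struct

# Constructed sample account (not real data): PBKDF2 password hash + TOTP key.
SALT = b"constructed-salt"

def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

ACCOUNTS = {"alice": {"pw": _pw_hash("correct horse"),
                      "totp_key": b"constructed-totp-key"}}

def totp(key: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def login(user: str, password: str, code: str, at: float, audit: list) -> bool:
    """Check the password first, then 2FA; log the stage that failed."""
    acct = ACCOUNTS.get(user)
    # Hash even for unknown users so timing does not reveal which accounts exist.
    expected = acct["pw"] if acct else _pw_hash("")
    pw_ok = hmac.compare_digest(_pw_hash(password), expected) and acct is not None
    if not pw_ok:
        # The 2FA stage was never reached, so the event must not name it.
        audit.append((user, "Password attempt failed"))
        return False
    if not hmac.compare_digest(totp(acct["totp_key"], at), code):
        # Only on this branch is the password known to be correct.
        audit.append((user, "second_factor_failure"))
        return False
    audit.append((user, "login_success"))  # hypothetical label
    return True
```

A regression test that feeds a wrong password together with a valid one-time code and asserts that no second-factor event is written would catch this class of mislabeling before release.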

According to BleepingComputer, this fix is very important since attackers often use social engineering against Coinbase customers to gain access to their accounts and steal cryptocurrency. Furthermore, cybercriminals use mislabeled records in Account Activity logs to make victims think that their credentials were compromised. However, it wasn’t possible to verify such claims.

In the past, Coinbase has repeatedly stated that it will never call or send text messages to its customers asking them to change their passwords or reset two-factor authentication. Such messages should be treated as nothing but a scam.
