Earlier this month, BleepingComputer reported a massive issue affecting Coinbase customers: failed login attempts with incorrect passwords were mistakenly recorded as two-factor authentication failures in the Account Activity logs.
In other words, in an attacker attempted to access someone’s account with an incorrect password, error messages stating “second_factor_failure” or “2-step verification failed” were displayed.
In fact, such records indicate that the attacker has entered the correct username and password, but the login attempt was blocked by 2FA (e.g. after incorrectly entering a one-time code from an authenticator app).
As a result, many Coinbase customers concluded that the exchange itself was compromised because they used unique passwords, found no traces of malware on their devices, and other accounts weren’t affected. Some people even reset all their passwords multiple times and spent hours trying to determine whether their devices had been hacked.
Coinbase representatives explained to BleepingComputer that the Coinbase logging system was incorrectly attributing login attempts with incorrect passwords as “2FA failures,” even though the attackers hadn’t actually reached the 2FA stage.
This week, Coinbase released an update fixing this error, and now failed attempts to login into an account result in a correct message: “Password attempt failed”.
According to BleepingComputer, this fix is very important since attackers often use social engineering against Coinbase customers to gain access to their accounts and steal cryptocurrency. Furthermore, cybercriminals use mislabeled records in Account Activity logs to make victims think that their credentials were compromised. However, it wasn’t possible to verify such claims.
In the past Coinbase has repeatedly stated that it will never call or send text messages to its customers requesting them to change their passwords or reset two-factor authentication. Such messages should be treated as nothing but scam.
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.03.20 — 8,000 vulnerabilities identified in WordPress ecosystem in 2024
According to Patchstack, world's #1 WordPress vulnerability intelligence provider, 7,966 new vulnerabilities were identified in the WordPress ecosystem in 2024; most of these bugs affected plugins…
Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters
According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.04.23 — Improper authentication control vulnerability affects ASUS routers with AiCloud
ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices. The issue…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →