Article Details
Scrape Timestamp (UTC): 2025-04-27 18:30:49.142
Original Article Text
Click to Toggle View
Coinbase fixes 2FA log error making people think they were hacked. Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. As BleepingComputer first reported earlier this month, Coinbase had mistakenly labeled failed login attempts with incorrect passwords as two-factor authentication failues in the Account Activity logs. When a threat actor attempted to access someone's account and used the wrong password, error messages stating "second_factor_failure" or "2-step verification failed" would be shown instead. These entries imply that a valid username and password were entered, but the log in was blocked by 2-factor authentication, such as entering the wrong one-time passcode from an authenticator app. Numerous Coinbase users contacted BleepingComputer with concerns that Coinbase had been breached as their passwords were unique to the site, there was no sign of malware, and no other accounts were affected. However, Coinbase confirmed to BleepingComputer that its logging system was incorrectly attributing login attempts with incorrect passwords as "2FA failures," even though the attackers had not successfully reached the 2FA stage. Coinbase has now pushed an update to fix this incorrect labeling so that "Password attempt failed" logs are shown in Account Activity instead. Bugs like this are essential to fix as they cause unnecessary panic, with users telling BleepingComputer that they had reset all of their passwords and spent hours trying to determine if their devices were compromsed due to this bug. These mislabeled entries could have also been used in social engineering attacks to convince users their account credentials were compromised, potentially allowing threat actors to gain sensitive information. Threat actors commonly target Coinbase customers in social engineering attacks to gain access to their accounts and drain the stored cryptocurrency. BleepingComputer was told that threat actors used these mislabeled error messages as part of such attacks but could not independently verify if that was true. However, ongoing campaigns use automated SMS phishing (smishing) attacks and voice calls to impersonate Coinbase and attempt to steal 2FA tokens or credentials, so all users should be wary. Coinbase has said in the past that they will never call customers or send text messages requesting they change passwords or reset two-factor authentication and that customers should treat all such messages as scams.
Daily Brief Summary
Coinbase resolved a bug that mislabeled failed login attempts as two-factor authentication (2FA) failures in user account activity logs.
Users were misled into thinking their accounts had been compromised, causing widespread concern and unnecessary panic among the platform's clientele.
The erroneous log entries suggested that correct usernames and passwords were used, but were blocked by 2FA, causing users to believe their secure credentials were at risk.
This glitch led to users resetting passwords and spending significant time investigating potential security breaches on their devices.
The mislabeled entries could potentially have been exploited in social engineering attacks, misleading users about the security status of their accounts.
Coinbase pushed an update to correct the log labels to accurately reflect "Password attempt failed" instead of suggesting a 2FA error.
Coinbase continues to caution its users against SMS phishing and voice call scams claiming to require sensitive information or security verification.
The company reassures that it never requests password changes or 2FA resets via unsolicited calls or texts, urging customers to treat such communications as fraudulent.