The cryptocurrency community is debating whether SMS two-factor authentication (2FA) should be used for account security, following news that a Coinbase customer has sued the cryptocurrency exchange for USD 96,000.
On March 6, Jared Ferguson filed a lawsuit against Coinbase in the United States District Court for the Northern District of California, alleging that he had lost “90% of his life savings” after identity thieves removed funds from his account and Coinbase refused to refund them.
Apparently, Ferguson was the victim of a type of identity theft known as “SIM swapping,” which allows scammers to gain control of a phone number by tricking the telecommunications provider into linking the number to their own SIM card.
This allows them to intercept any SMS 2FA messages for an account, and in this situation it allegedly allowed them to confirm the withdrawal of $96,000 from Ferguson’s Coinbase account.
Ferguson claimed he lost service after his phone was hacked on May 9, and he realized the funds had been withdrawn from his Coinbase account after he got a new SIM card and restored his service, following the instructions of his service provider, T-Mobile.
T-Mobile was already sued by a SIM-swapping victim in February 2021 following the theft of approximately $450,000 worth of bitcoin (BTC).
Coinbase denied any responsibility for the hack of Ferguson’s account, telling him in an email that he is “responsible for the security of your email, your passwords, your 2FA codes and your devices.”
Members of the cryptocurrency community generally doubted that Ferguson’s lawsuit would succeed, noting that Coinbase encourages the use of authenticator apps for 2FA over SMS and describes the latter as the “least secure” form of authentication.
I’m guessing his password was compromised because it was used on other sites, one of which got breached. Also, Coinbase encourages Authenticator app for 2FA by labeling it “secure” and SMS as “moderately secure”.
— Dave Ferguson (@_sc0rn) March 7, 2023
Some Reddit users discussing the lawsuit in a post titled “Never use 2FA over SMS” went so far as to suggest that it should be banned, but noted that it was the only authentication option available for many services. As one user said:
“Unfortunately, many of the services I use still don’t offer 2FA per Authenticator. But I definitely think the SMS approach has proven to be unsafe and should be banned.”
Blockchain security company CertiK warned of the dangers of using 2FA over SMS in September; its security expert Jesse Leclere told Cointelegraph that “2FA over SMS is better than nothing, but it is the most vulnerable form of 2FA currently in use.”
Leclere said that dedicated authentication apps like Google Authenticator or Duo offer almost all the convenience of using SMS 2FA, while eliminating the risk of SIM swapping.
Reddit users shared similar advice, but added that authenticator apps on phones also make that device a single point of failure, and recommended the use of separate hardware authenticator devices.