- Was the Coinbase hack that affected 6,000 users in May really a hack?
- There has been some debate over whether the Coinbase incident counts as a hack, but one professor has said that it certainly was
- Adam Cochran highlighted why the Coinbase hack was certainly a hack, although some users may have been partly to blame
News of a Coinbase hack affecting some 6,000 users threatened to rock the market last Friday, but it quickly emerged that the incident had taken place back in May, and there was no reaction. As details of the incident emerged, plenty of people on crypto Twitter began to question whether it really had been a hack or whether users had just been too loose with their passwords and personal details. Others said that it was a hack because a part of the exchange still had to be compromised. Adam Cochran, venture fund owner and Colorado Mesa University professor, put the argument to bed with a tweet thread after the event, clarifying that, yes, it was a hack.
A lot of crypto people delivering a bad take here saying this wasn’t a hack.
It wasn’t a hack where someone gained direct access to Coinbase’s cold wallet but it was still a hack, because a piece of code Coinbase was running seems to have been the point of fault. https://t.co/qdm1wBdNIF
— Adam Cochran (@adamscochran) October 1, 2021
Coinbase Hack a Combination Caused by Exploit
Cochran said that the Coinbase hack issue had been muddied because “It wasn’t a hack where someone gained direct access to Coinbase’s cold wallet”, but that it should still be considered one because “a piece of code Coinbase was running seems to have been the point of fault.”
Cochran noted that the hackers needed users’ email addresses and passwords, as well as an associated phone number, in order to exploit their wallets, and there is every indication that these were obtained separately before the hack. Could it turn out that Coinbase’s own storing of passwords in plain text was behind some of the data leaks?
“Pretty Big Security Oversight”
Having obtained this information, which Cochran said could be down to a combination of poor personal security and information from other hacks/leaks, the hackers were able to “seemingly by-pass multi-factor authentication without being in control of the authentication device.” This, he added, is where the hack element comes in, saying that “If that is accurate, that’s a pretty big deal and it is a hack.”
Cochran summarized that the Coinbase hack amounted to “a pretty big security oversight” but that the hack had been “sensationalized”. It nevertheless acts as a reminder to have multiple email addresses and to use a password generator to create complex, unique passwords for each site.