According to foreign media, Coinbase Exchange acknowledged in its latest blog post that a vulnerability in their system could cost Coinbase users a lot of money.
- Holding nearly a million BTC, revealing how the giant whale Coinbase manages them
- Coinbase opens "crazy coin mode", 17 new coins such as polkadot and filecoin are included in the list
- Coinbase: Bitcoin's correlation with traditional markets is temporary
- Coinbase blocked the Bitcoin network for 7 years? The bulk transaction is finally coming.
- Five members of the Libra Association join. Why does this startup compete with Facebook?
- Adding 5 million users in 10 months, the increase in new Coinbase users indicates that the bull market is back.
Last Friday's "post-event survey" showed that an error on the Coinbase registration page saved the client's information on the Coinbase internal web server log in clear text. Therefore, for the staff of the San Francisco-based cryptocurrency company, if the password is "123456", then they see "123456". Ideally, they should have been hashed into unreadable text.
Coinbase acknowledged that the vulnerability affected a total of 3,420 customers. The following are excerpts from their speeches:
"In the case of [very special] and rare errors, the registration form on the registration page does not load properly, which means that any attempt to create a new Coinbase account under these conditions will fail. Unfortunately, this also means The personal name, email address and suggested password (and residency status, if in the US) will be sent to our internal log."
The exchange said that the password and other details of the user who resubmitted the form were securely encrypted. Unfortunately, the 3,420 customers mentioned above accidentally logged their private data to the Coinbase server.
Coinbase discovered a password vulnerability: Coinbase, one of the largest exchanges in the cryptocurrency industry, discovered a vulnerability that could affect 3,420 users. According to a blog post by Coinbase, the registration page finally stores the user account registration information. – August 18, 2019, Nacho Sanzu© (@morodog
No user funds damaged report
Coinbase behaves like a good old man, putting this issue at the top of the list. The company claims that they tracked the entire storage line to confirm that no personal information was stored for any customers.
“We hosted an internal logging system in AWS, as well as a small number of log analytics service providers. Access to all of these systems was severely restricted and audited. We thoroughly checked access to these logging systems and found no Any unauthorized access to these data."
The company also reset passwords for affected customers. The company claims that passwords alone prevent potential hackers from stealing their bitcoins and explain that they protect each account with mandatory email and 2FA certification.
“We keep a very high standard to ensure the safety of the Coinbase platform. When we are slightly below these standards, we will mobilize a team to find out where the problem is and how to prevent it from happening again. We also believe in us. Our customers remain transparent, which is why we share our findings today."
Coinbase is still safe
At the time Coinbase issued this warning, institutional investors are taking concrete steps to include Bitcoin in their portfolio. However, considering that cryptocurrency allows hackers to steal billions of dollars worth of assets under their eyes, security is still one of their biggest concerns.
Coinbase has never been reported to have been hacked. The exchange has commercial and criminal insurance – the total amount exceeds the value of the digital currency it stores online.