Monday, 15 April 2024

Crypto News

Debate over 2FA using SMS after sim-swapping victim sues Coinbase

Debate over 2FA using SMS after sim-swapping victim sues Coinbase

The crypto community is debating whether SMS two-factor authentication (2FA) should ever be used for account security following news that a Coinbase customer is suing the cryptocurrency exchange for $96,000.

On Mar. 6 Jared Ferguson filed a lawsuit against Coinbase in the United States District Court for the Northern District of California, claiming he lost “90% of his life savings” after funds were withdrawn from his account by identity thieves and Coinbase had refused to reimburse him.

Ferguson is said to have fallen prey to a type of identity theft known as “sim-swapping,” which allows fraudsters to gain control of a phone number by tricking the telecom provider into linking the number to their own sim card.

This allows them to bypass any SMS 2FA on an account, and in this situation allegedly allowed them to confirm the withdrawal of $96,000 from Ferguson’s Coinbase account.

Ferguson claimed he lost service after his phone was hacked on May 9, and noticed the funds had been taken from his Coinbase account after getting a new sim card and restoring his service as per instructions from his service provider T-Mobile.

T-Mobile was previously sued by a sim-swapping victim in Feb. 2021, following the theft of approximately $450,000 worth of Bitcoin (BTC).

Coinbase denied any responsibility for the hack of Ferguson’s account, telling him in an email that he is “responsible for the security of your e-mail, your passwords, your 2FA codes, and your devices.”

Related: Hacker returns stolen funds to, gets $97K bounty reward

Members of the crypto community were generally doubtful that Ferguson’s lawsuit would be successful, noting that Coinbase encourages the use of authenticator apps for 2FA rather than SMS and describes the latter as the “least secure” form of authentication.

Some Reddit users discussing the lawsuit in a post titled “Never Use SMS 2FA” went as far as suggesting SMS 2FA should be banned, but noted that it was the only authentication option available for many services, as one user said:

“Unfortunately a lot of services I use don’t offer Authenticator 2FA yet. But I definitely think the SMS approach has proven to be unsafe and should be banned.”

Blockchain security…

Click Here to Read the Full Original Article at News…