Complete Story


After Coinbase Hack, Authentication Expert Says, 'We Should Be Moving To FIDO'

When hackers stole cryptocurrency from the accounts of 6,000 Coinbase customers between March and May of this year, the trading platform said the perpetrator used a familiar method: phishing.

The breach marked a classic example in which both factors — passwords and SMS confirmations — were compromised, as Simon Law, CEO at LoginID, said in a Monday (Oct. 4) interview with PYMNTS CEO Karen Webster.

In this case, a fake website that looked like Coinbase was able to dupe account holders and capture passwords from users who volunteered them, Law said. The perpetrators then found out each person’s name and phone number, called their mobile operator and said they needed to add another chip to their account. “That’s how easy it is to get access to someone’s account,” Law said.

He added that in the past nine months, most crypto exchanges have removed SMS as an option, and regulators are also starting to consider removing SMS as a factor of authentication. “So, yeah, this is a good example,” Law said. “We should be moving to FIDO [for] a better experience and better security.”


Printer-Friendly Version



The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information


Your electronic library to help in fighting financial fraud for all of our partners.

more information