Last week, Coinbase's (NASDAQ: COIN) multi-factor authentication SMS option experienced a vulnerability that affected at least 6,000 of the major exchange's customers, according to a notification letter sent to affected customers and filed with the California attorney general's office.
Between March and May 20, hackers used a flaw in Coinbase's account recovery process to obtain the SMS two-factor authentication token, break into customers' accounts, and drain crypto funds from them. The bad actors also gained access to the email address, password, and phone number associated with each Coinbase account. Coinbase said it believes the hackers stole those credentials via a phishing scheme rather than from Coinbase itself.
A spokesperson said: "We took immediate action to mitigate the impact of the campaign by working with external partners to remove phishing sites as they were identified, as well as notifying the email providers impacted."
Coinbase noted it is compensating customers for the stolen funds and recommended that users switch from SMS to a more secure form of multi-factor authentication, such as an authentication app or hardware security key. The exploit is one of the largest breaches in Coinbase's history.
Here is the rest of the week in review:
U.S. Federal Reserve Chairman Jerome Powell said he does not intend the central bank to ban cryptocurrencies but argued stablecoins need more regulatory oversight. Testifying before the House Financial Services Committee on Thursday about the Federal Reserve's pandemic response, Powell was asked several questions about crypto. Rep. Ted Budd requested Powell clarify statements he had made during a July hearing that the development of a U.S. central bank digital currency could undercut the need for private crypto and stablecoins. When asked if he intended to ban or limit the use of crypto, Powell replied: "I have no intention to ban them." Asked about stablecoins, Powell compared them to money market funds or bank deposits: "They're to some extent outside the regulatory perimeter, and it's appropriate that they be regulated. Same activity, same regulation." However, Treasury Secretary Janet Yellen confirmed the Department aims to move forward with new rules that would require banks to report annual inflows and outflows from all accounts with over $600, sparking concerns over privacy. She argued the regulations are needed to address an estimated $7 trillion tax gap that Americans are avoiding.
Decentralized finance (DeFi) staking protocol Compound mistakenly sent about $90.1 million worth of its COMP tokens to users and is requesting they return the free crypto. Robert Leshner, founder of Compound Labs, tweeted Thursday: "If you received a large, incorrect amount of COMP from the Compound protocol error: Please return it... Keep 10% as a white-hat. Otherwise, it's being reported as income to the IRS, and most of you are doxxed." The price of COMP initially plunged nearly 13% in a day but has since partly recovered. Compound rolled out a standard upgrade Wednesday, but something went wrong. Leshner explained that a new smart contract contained a bug that gave some users too many tokens. It remains unclear whether recipients will keep or return their extra tokens, but Leshner has walked back the harsh IRS threat to try to salvage Compound's public image.
Crypto prices rose to $2.73 trillion this week. For the majors, all except stablecoins climbed, and Solana (SOL) and Binance Coin (BNB) posted outsized gains. In the top 100, the biggest losers were COMP, down 6.5%, IOST, down 4.7%, and CELO, down 1.2%. The biggest gainers were Axie Infinity (AXS), up a whopping 96%, OMG Network (OMG), up 83%, and QTUM, up 42%. Next week traders will see if Bitcoin (BTC) breaches $50,000.
The author owns a small amount of BTC.