Coinbase
-
Blog
Coinbase to fix 2FA account activity entry freaking out users
Coinbase is fixing a misleading account activity message that has caused confusion and anxiety, making users think their credentials were compromised. Over the past couple of weeks, numerous people have contacted BleepingComputer about concerns that they think Coinbase has a serious security issue. After receiving Coinbase phishing emails or texts, they logged into their accounts and checked the activity log,…
Read More » -
Blog
Coinbase was primary target of recent GitHub Actions breaches
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. According to new reports from Palo Alto Unit 42 and Wiz, the attack was carefully planned and began when malicious code was injected into reviewdog/action-setup@v1 GitHub Action. It is unclear how the breach occurred, but…
Read More » -
Blog
Coinbase phishing email tricks users with fake wallet migration
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. The emails have a subject of “Migrate to Coinbase Wallet” and state that all customers must transition to self-custodial wallets. The email also provides instructions on how to download the legitimate Coinbase Wallet.…
Read More »