According to the Coinbase blog published April 9, 2019, U.S. cryptocurrency exchange Coinbase is set to bolster its security measures with the implementation of multiple layers of protection against credential stuffing attacks.
The Need of the Hour
Exchange hacks have long plagued the burgeoning crypto industry, and the problem has only become more frequent in recent times.
As reported in January 2019, New Zealand-based exchange platform Cryptopia fell prey to hackers. More recently, Singaporean cryptocurrency exchange DragonEX saw its security breached by cybercriminals.
Following the recent flurry of attacks on crypto exchanges, many platforms have decided to tighten their security measures.
Per sources close to the matter, Coinbase has implemented a new security layer to protect its customers from phishing and scam attempts.
Starting today, each time a user creates a Coinbase account, their plain text password will be immediately converted into a string of gibberish known as a “hash” unique to their account.
Once the password is converted into a hash, Coinbase will use it in the future to authenticate the user’s password. If the password entered by the user converts to the same hash as previously generated, Coinbase will allow the user to log in.
If it does not, the user’s account will be locked.
This security measure is possible courtesy of an algorithm called bcrypt, a “one-way” hash function: no organization (including Coinbase) can reverse the hash to determine the user’s original plain text password.
Further, the exchange will also use the same functionality to safeguard its users against “credential stuffing attacks.”
For the uninitiated, credential stuffing attacks involve fraudsters collecting users’ email addresses and passwords and using them on different websites to gain access to sensitive online accounts.
Coinbase has announced that its security team will henceforth notify its users if it finds their email address and password in a data breach or “credential dump” from another website.
If the exchange finds that the same combination of email and password is currently valid for a user’s Coinbase account, it will immediately lock the compromised account. With the account frozen, users can rest assured that their crypto holdings will not fall into the wrong hands. This also gives the user the chance to change their credentials and log in with a new password.
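The dump screening described above can be run against stored hashes alone, as in this added example (not Coinbase's code). It substitutes PBKDF2-HMAC-SHA256 from Python's standard library for bcrypt so that it runs without extra packages; the AccountStore class, the iteration count and the sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; bcrypt's cost parameter plays this role

def kdf(password, salt):
    # Stand-in for bcrypt: a slow, salted, one-way derivation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, salt, digest):
    # Re-derive with the stored salt and compare in constant time.
    return hmac.compare_digest(kdf(password, salt), digest)

class AccountStore:  # hypothetical in-memory store; only salt and hash are kept
    def __init__(self):
        self.accounts = {}

    def register(self, email, password):
        salt = os.urandom(16)  # per-account salt makes each hash unique
        self.accounts[email.lower()] = {
            "salt": salt, "digest": kdf(password, salt), "locked": False}

    def login(self, email, password):
        acct = self.accounts.get(email.lower())
        if acct is None or acct["locked"]:
            return False
        return verify_password(password, acct["salt"], acct["digest"])

    def screen_dump(self, dump):
        """Lock accounts whose current password is in the dump; return emails to notify."""
        locked = []
        for email, leaked in dump:
            acct = self.accounts.get(email.lower())
            if acct and not acct["locked"] and verify_password(
                    leaked, acct["salt"], acct["digest"]):
                acct["locked"] = True  # the leaked pair is valid here
                locked.append(email.lower())
        return locked

def demo():
    store = AccountStore()
    store.register("alice@example.com", "correct horse battery")
    store.register("bob@example.com", "S3parate-and-unique")
    dump = [("alice@example.com", "correct horse battery"),  # constructed: reused password
            ("bob@example.com", "hunter2"),                  # constructed: leaked, not valid here
            ("carol@example.com", "whatever")]               # constructed: no account
    return store, store.screen_dump(dump)

if __name__ == "__main__":
    print(demo()[1])
```

Only the account whose leaked pair still verifies is locked; a leaked password that differs from the one in use, or an email with no account, changes nothing.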
Exchanges Upping their Security Game
The latest security measure by Coinbase should hardly come as a surprise to cryptocurrency enthusiasts.
BTCManager reported on March 27, 2019, that Malta-based crypto exchange Binance partnered with IdentityMind to bolster its KYC and AML measures.
Similarly, the San Francisco-based exchange platform Kraken on March 28, 2019, made two-factor authentication (2FA) compulsory for all its users.