Coinbase Adds New Security Layer To Protect Users
Coinbase, one of the largest and most popular crypto platforms in the market, has decided to improve its security. Although the firm has multiple layers of protection against attacks, most of these implementations remain invisible to users. Now, the company will be notifying users if they find users’ email address and password in a data breach.
Coinbase Increases Its Security
Attackers could simply attack different websites and obtain users’ information such as email and password. Once the attacker receives this information, he would then try using the username and passwords on other websites, including Coinbase.
Coinbase will notify users if they find users’ information in a breach or credential dump from another website. The company will also be proactively locking the account if that email or password combination is valid for the Coinbase account. In this way, the users will be able to change the credentials before they can be used by the attacker.
The platform uses an algorithm that is called bcrypt and that turns the plaintext password into a hash that is unique to the account of a specific user.
Coinbase explained about it:
“Because bcrypt is a “one-way” hash, nobody (including Coinbase) can decrypt it to figure out the underlying password. Instead, every time you log in, we run your password again to see if the same plaintext turns into the same hash. If it does, we allow you to log in.”
This same logic is applied when they test the credentials that they find online. They check to see if the email address belongs to a Coinbase user. If it does, they hash the exposed password through bcrypt. If it matches, the account will be locked and notify the user about this situation to change the password before the attacker could have access to it.
Using the same password for all your online accounts? Learn more about what we’ve implemented to protect our customers against credential stuffing attacks. https://t.co/mCa9ICvRJO
— Coinbase (@coinbase) April 9, 2019
There have been different attacks that were able to steal users’ credentials. Some of the attackers created fake websites that were used as phishing scams and that stole users’ information and credentials.
The cryptocurrency market has been affected by these kinds of attacks and many others. Earlier this year, the cryptocurrency exchange Cryptopia lost $2.7 million after being attacked by hackers.