Coinbase is facing controversy over the use of SMS two-factor authentication (2FA) for account security following news that a customer is suing the cryptocurrency exchange for $96,000.
Jared Ferguson filed a lawsuit against Coinbase, claiming he lost “90% of his life savings” after funds were withdrawn from his account by identity thieves and Coinbase refused to reimburse him.
Ferguson is said to have fallen prey to a type of identity theft known as “SIM swapping,” which allows fraudsters to gain control of a phone number by tricking the telecom provider into linking the number to their own SIM card.
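Once the number is reassigned, SMS verification codes meant for the victim are delivered to the attackers’ device instead. This defeats any SMS 2FA on an account, and allegedly allowed them to confirm the withdrawal of $96,000 from Ferguson’s Coinbase account.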
Coinbase says it is not responsible for the breach of Ferguson’s account and that customers are solely responsible for protecting the confidentiality of their account information, including email, passwords, two-factor authentication credentials, and mobile devices.
The incident has reignited the debate over the security of SMS 2FA in the crypto community, with many experts pointing out that authenticator apps are a more secure form of authentication. Coinbase itself encourages the use of authenticator apps for 2FA and describes SMS 2FA as the “least secure” form of authentication.
Some members of the community expressed doubts that Ferguson’s lawsuit would be successful, arguing that Coinbase has clearly stated that SMS 2FA is not a secure form of authentication.
However, the incident serves as a warning to all cryptocurrency investors to prioritize security measures for their accounts. Experts advise using strong passwords, avoiding public Wi-Fi networks, and enabling two-factor authentication with authenticator apps or physical security keys.