While members of the crypto community are doubtful the lawsuit against Coinbase will be successful, it has sparked a conversation about the issues with SMS 2FA.
The crypto community is debating whether SMS two-factor authentication (2FA) should be used for account security after news broke that a Coinbase customer was suing the cryptocurrency exchange for $96,000.
On Mar. 6, Jared Ferguson sued Coinbase in the United States District Court for the Northern District of California, claiming that he lost “90% of his money” when funds were withdrawn from his account by identity thieves and Coinbase refused to refund him.
Ferguson is believed to be a victim of a form of identity theft known as SIM-swapping, in which fraudsters take control of a phone number by tricking the telecom provider into linking the number to their own SIM card. This lets them pass any SMS 2FA check on the account, which in this case would have allowed them to approve the withdrawal of $96,000 from Ferguson’s Coinbase account.
Ferguson said he lost service after his phone went dead on May 9 and discovered the money had been withdrawn from his Coinbase account after he got a new SIM card and restored his service as instructed by his carrier, T-Mobile. T-Mobile was first sued over a SIM swap in February 2021, following the theft of approximately $450,000 worth of Bitcoin. Coinbase denied any responsibility for Ferguson’s hack, telling him in an email that he is “responsible for the security of your email, passwords, 2FA codes, and devices”.
Members of the crypto community are generally sceptical that Ferguson’s case will be successful, noting that Coinbase favors the use of authenticator apps for 2FA rather than SMS and describes the latter as the “lowest” form of authentication.
Some Reddit users discussing the case in a post titled “Don’t use SMS 2FA” went as far as to suggest that SMS 2FA should be banned, though they said it’s just one of the many authentication options, as one user said:
“Unfortunately, most of the services I use don’t offer 2FA Authenticator. But I think the messaging system has proven to be dangerous and should be banned.”
Blockchain security company CertiK warned about the dangers of using SMS 2FA in September 2022, with its security expert Jesse Leclere telling Cointelegraph in an interview that “SMS 2FA is better than anything, but it’s the easiest form of 2FA right now.”
Leclere said that a dedicated authentication tool like Google Authenticator or Duo offers all the advantages of using SMS 2FA and eliminates the risk of SIM swapping. Reddit users shared similar advice, but noted that built-in scanners on the phone also make the device a single point of failure, and recommended using separate hardware scanners.