• bitcoinBitcoin (BTC) $ 67,733.00
  • ethereumEthereum (ETH) $ 3,274.93
  • tetherTether (USDT) $ 1.00
  • bnbBNB (BNB) $ 594.23
  • solanaSolana (SOL) $ 150.61
  • usd-coinUSDC (USDC) $ 1.00
  • staked-etherLido Staked Ether (STETH) $ 3,268.15
  • xrpXRP (XRP) $ 0.544856
  • dogecoinDogecoin (DOGE) $ 0.171450
  • the-open-networkToncoin (TON) $ 6.74
  • cardanoCardano (ADA) $ 0.507359
  • shiba-inuShiba Inu (SHIB) $ 0.000025
  • avalanche-2Avalanche (AVAX) $ 38.67
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 67,734.00
  • bitcoin-cashBitcoin Cash (BCH) $ 530.54
  • tronTRON (TRX) $ 0.113887
  • polkadotPolkadot (DOT) $ 7.16
  • chainlinkChainlink (LINK) $ 15.03
  • matic-networkPolygon (MATIC) $ 0.759538
  • litecoinLitecoin (LTC) $ 85.77
  • internet-computerInternet Computer (ICP) $ 13.57
  • nearNEAR Protocol (NEAR) $ 5.74
  • uniswapUniswap (UNI) $ 7.88
  • leo-tokenLEO Token (LEO) $ 5.77
  • daiDai (DAI) $ 1.00
  • aptosAptos (APT) $ 10.12
  • ethereum-classicEthereum Classic (ETC) $ 29.11
  • first-digital-usdFirst Digital USD (FDUSD) $ 1.00
  • mantleMantle (MNT) $ 1.21
  • blockstackStacks (STX) $ 2.69
  • crypto-com-chainCronos (CRO) $ 0.137652
  • filecoinFilecoin (FIL) $ 6.66
  • cosmosCosmos Hub (ATOM) $ 8.98
  • bittensorBittensor (TAO) $ 518.66
  • stellarStellar (XLM) $ 0.113432
  • vechainVeChain (VET) $ 0.044545
  • okbOKB (OKB) $ 55.82
  • arbitrumArbitrum (ARB) $ 1.16
  • render-tokenRender (RNDR) $ 8.10
  • hedera-hashgraphHedera (HBAR) $ 0.085729
  • immutable-xImmutable (IMX) $ 2.15
  • kaspaKaspa (KAS) $ 0.125918
  • dogwifcoindogwifhat (WIF) $ 2.80
  • makerMaker (MKR) $ 2,944.43
  • the-graphThe Graph (GRT) $ 0.267849
  • pepePepe (PEPE) $ 0.000006
  • optimismOptimism (OP) $ 2.42
  • injective-protocolInjective (INJ) $ 26.77
  • ethena-usdeEthena USDe (USDE) $ 1.00
  • theta-tokenTheta Network (THETA) $ 2.32
  • fetch-aiFetch.ai (FET) $ 2.22
  • wrapped-eethWrapped eETH (WEETH) $ 3,376.89
  • moneroMonero (XMR) $ 124.81
  • fantomFantom (FTM) $ 0.748505
  • rocket-pool-ethRocket Pool ETH (RETH) $ 3,609.29
  • thorchainTHORChain (RUNE) $ 5.59
  • galaGALA (GALA) $ 0.048580
  • lido-daoLido DAO (LDO) $ 2.02
  • arweaveArweave (AR) $ 27.32
  • bitget-tokenBitget Token (BGB) $ 1.27
  • celestiaCelestia (TIA) $ 9.73
  • ethenaEthena (ENA) $ 1.19
  • mantle-staked-etherMantle Staked Ether (METH) $ 3,335.17
  • suiSui (SUI) $ 1.23
  • flokiFLOKI (FLOKI) $ 0.000158
  • algorandAlgorand (ALGO) $ 0.188858
  • flowFlow (FLOW) $ 1.01
  • quant-networkQuant (QNT) $ 103.90
  • bitcoin-svBitcoin SV (BSV) $ 76.83
  • sei-networkSei (SEI) $ 0.554688
  • jupiter-exchange-solanaJupiter (JUP) $ 1.07
  • aaveAave (AAVE) $ 96.03
  • coredaoorgCore (CORE) $ 1.61
  • beam-2Beam (BEAM) $ 0.026518
  • neoNEO (NEO) $ 19.31
  • bittorrentBitTorrent (BTT) $ 0.000001
  • whitebitWhiteBIT Coin (WBT) $ 9.18
  • ribbon-financeRibbon Finance (RBN) $ 1.37
  • ether-fi-staked-ethether.fi Staked ETH (EETH) $ 3,255.61
  • flare-networksFlare (FLR) $ 0.033520
  • ordinalsORDI (ORDI) $ 60.31
  • nervos-networkNervos Network (CKB) $ 0.027885
  • ecasheCash (XEC) $ 0.000061
  • zebec-protocolZebec Network (ZBCN) $ 0.023235
  • tokenize-xchangeTokenize Xchange (TKX) $ 14.71
  • ondo-financeOndo (ONDO) $ 0.802071
  • bonkBonk (BONK) $ 0.000017
  • elrond-erd-2MultiversX (EGLD) $ 42.76
  • wormholeWormhole (W) $ 0.628106
  • axie-infinityAxie Infinity (AXS) $ 7.90
  • singularitynetSingularityNET (AGIX) $ 0.871865
  • jasmycoinJasmyCoin (JASMY) $ 0.023083
  • the-sandboxThe Sandbox (SAND) $ 0.492334
  • dydx-chaindYdX (DYDX) $ 2.34
  • tezosTezos (XTZ) $ 1.09
  • starknetStarknet (STRK) $ 1.46
  • conflux-tokenConflux (CFX) $ 0.269692
  • havvenSynthetix Network (SNX) $ 3.16
  • chilizChiliz (CHZ) $ 0.116094
  • eosEOS (EOS) $ 0.883867
  • gatechain-tokenGate (GT) $ 7.52
  • roninRonin (RON) $ 3.21
  • worldcoin-wldWorldcoin (WLD) $ 5.39
  • kucoin-sharesKuCoin (KCS) $ 10.00
  • msolMarinade staked SOL (MSOL) $ 177.53
  • pyth-networkPyth Network (PYTH) $ 0.632130
  • cheeleeCheelee (CHEEL) $ 16.44
  • decentralandDecentraland (MANA) $ 0.495978
  • gnosisGnosis (GNO) $ 351.49
  • mina-protocolMina Protocol (MINA) $ 0.830722
  • heliumHelium (HNT) $ 5.30
  • aerodrome-financeAerodrome Finance (AERO) $ 2.11
  • akash-networkAkash Network (AKT) $ 3.63
  • pancakeswap-tokenPancakeSwap (CAKE) $ 3.23
  • iotaIOTA (IOTA) $ 0.253814
  • apecoinApeCoin (APE) $ 1.30
  • kavaKava (KAVA) $ 0.753550
  • dexeDeXe (DEXE) $ 13.76
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 3,297.91
  • echelon-primeEchelon Prime (PRIME) $ 20.71
  • frax-etherFrax Ether (FRXETH) $ 3,250.99
  • nexoNEXO (NEXO) $ 1.32
  • klay-tokenKlaytn (KLAY) $ 0.202336
  • sats-ordinalsSATS (Ordinals) (SATS) $ 0.00000035
  • usddUSDD (USDD) $ 0.997620
  • dydxdYdX (ETHDYDX) $ 2.33
  • aioz-networkAIOZ Network (AIOZ) $ 0.660166
  • axelarAxelar (AXL) $ 1.14
  • swethSwell Ethereum (SWETH) $ 3,431.22
  • pups-ordinalsPUPS (Ordinals) (PUPS) $ 88.62
  • mantra-daoMANTRA (OM) $ 0.868518
  • bitcoin-goldBitcoin Gold (BTG) $ 39.94
  • corgiaiCorgiAI (CORGIAI) $ 0.002025
  • lido-staked-solLido Staked SOL (STSOL) $ 176.98
  • oasis-networkOasis Network (ROSE) $ 0.101783
  • osmosisOsmosis (OSMO) $ 1.02
  • illuviumIlluvium (ILV) $ 103.54
  • fraxFrax (FRAX) $ 0.999097
  • radixRadix (XRD) $ 0.061022
  • blurBlur (BLUR) $ 0.414283
  • terra-lunaTerra Luna Classic (LUNC) $ 0.000107
  • based-brettBrett (BRETT) $ 0.072634
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 3,482.37
  • dymensionDymension (DYM) $ 3.80
  • astarAstar (ASTR) $ 0.108502
  • pendlePendle (PENDLE) $ 6.29
  • altlayerAltLayer (ALT) $ 0.485051
  • woo-networkWOO (WOO) $ 0.317923
  • theta-fuelTheta Fuel (TFUEL) $ 0.090087
  • tether-goldTether Gold (XAUT) $ 2,345.13
  • iotexIoTeX (IOTX) $ 0.061165
  • curve-dao-tokenCurve DAO (CRV) $ 0.481990
  • wemix-tokenWEMIX (WEMIX) $ 1.59
  • book-of-memeBOOK OF MEME (BOME) $ 0.010167
  • fasttokenFasttoken (FTN) $ 1.79
  • xdce-crowd-saleXDC Network (XDC) $ 0.039768
  • manta-networkManta Network (MANTA) $ 2.21
  • staked-frax-etherStaked Frax Ether (SFRXETH) $ 3,519.10
  • 1inch1inch (1INCH) $ 0.463758
  • ocean-protocolOcean Protocol (OCEAN) $ 0.883733
  • mx-tokenMX (MX) $ 5.35
  • skaleSKALE (SKL) $ 0.100710
  • stepnGMT (GMT) $ 0.265769
  • true-usdTrueUSD (TUSD) $ 1.00
  • enjincoinEnjin Coin (ENJ) $ 0.354835
  • ether-fiEther.fi (ETHFI) $ 4.43
  • memecoin-2Memecoin (MEME) $ 0.032053
  • zilliqaZilliqa (ZIL) $ 0.027362
  • project-galaxyGalxe (GAL) $ 4.74
  • apenftAPENFT (NFT) $ 0.00000049
  • ankrAnkr Network (ANKR) $ 0.047724
  • ravencoinRavencoin (RVN) $ 0.034661
  • terra-luna-2Terra (LUNA) $ 0.683282
  • trust-wallet-tokenTrust Wallet (TWT) $ 1.12
  • siacoinSiacoin (SC) $ 0.008197
  • qtumQtum (QTUM) $ 4.42
  • celoCelo (CELO) $ 0.871087
  • ethereum-name-serviceEthereum Name Service (ENS) $ 14.69
  • rocket-poolRocket Pool (RPL) $ 22.45
  • 0x0x Protocol (ZRX) $ 0.540155
  • polymeshPolymesh (POLYX) $ 0.437246
  • holotokenHolo (HOT) $ 0.002551
  • compound-wrapped-btccWBTC (CWBTC) $ 1,359.37
  • ethereum-pow-iouEthereumPoW (ETHW) $ 4.19
  • biconomyBiconomy (BICO) $ 0.591307
  • raydiumRaydium (RAY) $ 1.67
  • pax-goldPAX Gold (PAXG) $ 2,384.02
  • amp-tokenAmp (AMP) $ 0.007732
  • frax-shareFrax Share (FXS) $ 5.46
  • superfarmSuperVerse (SUPER) $ 0.935261
  • aelfaelf (ELF) $ 0.573968
  • stader-ethxStader ETHx (ETHX) $ 3,344.37
  • jeo-bodenJeo Boden (BODEN) $ 0.597765
  • basic-attention-tokenBasic Attention (BAT) $ 0.276051
  • golemGolem (GLM) $ 0.409527
  • origintrailOriginTrail (TRAC) $ 1.00
  • jito-governance-tokenJito (JTO) $ 3.46
  • livepeerLivepeer (LPT) $ 12.51
  • casper-networkCasper Network (CSPR) $ 0.032537
  • safepalSafePal (SFP) $ 0.838126

Hacker Exposes Leak of Two-Factor Authentication Codes

0 27

Hacker Exposes Leak of Two-Factor Authentication Codes

  beincrypto.com 1 h

Hacker Exposes Leak of Two-Factor Authentication Codes

A security researcher has discovered an unprotected database governing access to services from some of the world’s biggest tech companies. The database belongs to a short message service (SMS) routing operator responsible for sending two-factor authentication (2FA) codes to users of Meta, Google, and possibly crypto firms.

The researcher, Anurag Sen, found that the company’s YX International database was exposed without a password on the public internet. Anyone who knew the public internet protocol (IP) address could view the data.

Users Affected by Two-Factor Authentication Leak

YX International sends security codes to people logging into platforms belonging to Meta, Google, and TikTok. The company ensures that users’ messages are routed speedily through mobile networks across the globe. Among the messages it sends are security codes that form part of a two-factor authentication scheme many large companies use to protect user accounts.

Some service providers, like Google, can send an SMS code to verify a user’s authenticity after entering a password. Other authentication options include generating a code from an authenticator app to complement a password.

Hacker Exposes Leak of Two-Factor Authentication Codes

Red Box Shows Weak Point of SMS 2FA Authentication | Source: All Things Auth

While two-factor authentication seeks to improve security, it is not a silver bullet. Accordingly, crypto exchange Coinbase warns that 2FA is a minimum security measure, but it is not foolproof. Hackers can still find a way to steal funds from crypto wallets.

“While 2FA seeks to improve security, it is not foolproof. Hackers who acquire the authentication factors can still gain unauthorized access to accounts. Common ways to do so include phishing attacks, account recovery procedures, and malware. Hackers can also intercept text messages used in 2FA,” Coinbase said.

Criminals Are Using These Methods to Beat 2FA

Last year, reports of criminals bypassing 2FA on Apple devices emerged. A hacker could access Apple’s cloud platform, iCloud, and replace a user’s phone number with their own. The scheme risked the funds in crypto wallet apps on Apple devices since some applications could have sent authentication codes to compromised phone numbers.

Criminals can also use SIM swaps to enact two-factor authentication crypto scams. In this line of attack, criminals convince mobile operators like AT&T or Verizon to transfer a phone number from the rightful owner to the fraudster. After that, the criminal only needs one other piece of information to access a self-custodial wallet app owned by the true owner of the phone number.

Given the surge in quantum technology, Apple recently improved the security of its Secure Enclave hardware device embedded in iPhones. The post-quantum cryptography scheme creates new keys every time a malicious actor compromises an old one.

This feature could help crypto wallet developers improve their clients’ crypto security by storing critical information in the Secure Enclave. So far, at least one vendor has already used the Secure Enclave to grant access to their wallet app.

BeInCrypto contacted Binance, the world’s largest cryptocurrency exchange, and Coinbase for comment on whether the XY International data leak affected their users. Neither company had responded by press time.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Source

Leave A Reply

Your email address will not be published.