Coinbase erroneously reported 2FA changes to 125,000 customers
Cryptocurrency exchange Coinbase sent an automated message to a large number of its customers on Friday, saying: "Your 2-step verification settings have been changed." Unfortunately, the message was sent in error—by Coinbase's count, 125,000 of those messages were sent (via email and SMS text) to customers whose 2FA settings had not changed.
According to Coinbase's own acknowledgment Saturday, its system began sending the erroneous messages at 1:45 pm Pacific time on Friday and kept sending them until the error was mitigated at 3:07 pm.
In that Twitter thread, Coinbase acknowledges the mistaken 2FA messages' potential for confusion—confusion which retiree Don Pirtle told CNBC led him to panic-sell more than $60,000 of cryptocurrency. Pirtle was holding this large wallet as an investment for his grandson, so the panicked sale may have been as much blessing as curse—he now questions whether cryptocurrency was a safe investment in the first place. Coinbase says that the erroneous 2FA messages were the result of an internal error, not hacker activity. "All of a sudden, the system just started sending stuff like a bug in the system," Coinbase spokesperson Andrew Schmitt told CNBC, adding, "but it was not a malicious or third-party error."