Which Cryptocurrency Sites Are Impacted by Authy 2FA Security Exploit?

By Coin Fire

Last Updated: Jan 2, 2018

On Sunday afternoon, security firm Sakurity disclosed a vulnerability in the Authy two-factor authentication (2FA) system. The vulnerability could lead to cryptocurrency thefts on sites that use Authy for 2FA. Sakurity is based in Hong Kong and routinely performs penetration tests, source code audits, and vulnerability assessments.

The exploit allows a nefarious user to bypass the two-factor authentication process by simply typing “../sms” in the prompt for a 2FA key when attempting to log in to an account secured with Authy.
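Why an input such as "../sms" matters when a client library places the submitted 2FA code into a request path, shown as an added example that is not Authy's or authy-node's code. The host, the `/verify/` and `/sms/` route layout, the 6-8 digit token format and all function names are assumptions for illustration.

```javascript
// Added illustration. Host, route layout and token format are assumptions,
// not taken from Authy's API or from authy-node.
const API_BASE = 'https://2fa-provider.example'; // placeholder host
const TOKEN_RE = /^\d{6,8}$/;                     // assumed one-time code format
const USER_ID_RE = /^\d{1,12}$/;                  // assumed numeric account id

// Weak pattern: the submitted code is pasted into the path unchecked.
// URL parsing collapses "../", so the request leaves the verify route.
function naiveVerifyPath(token, userId) {
  return new URL(`/verify/${token}/${userId}`, API_BASE).pathname;
}

// Hardened pattern: allow-list the code, encode every segment, then confirm
// the normalized path is exactly the one we meant to call.
function safeVerifyPath(token, userId) {
  if (typeof token !== 'string' || !TOKEN_RE.test(token)) {
    throw new TypeError('2FA token must be 6-8 digits');
  }
  if (!USER_ID_RE.test(String(userId))) {
    throw new TypeError('user id must be numeric');
  }
  const raw = `/verify/${encodeURIComponent(token)}/${encodeURIComponent(userId)}`;
  const path = new URL(raw, API_BASE).pathname;
  if (path !== `/verify/${token}/${userId}`) {
    throw new Error('path changed during normalization');
  }
  return path;
}

// Constructed sample inputs: one well-formed code and the string from the report.
function demo() {
  return ['1234567', '../sms'].map((token) => {
    let hardened;
    try {
      hardened = safeVerifyPath(token, '42');
    } catch (err) {
      hardened = `rejected (${err.message})`;
    }
    return { token, naive: naiveVerifyPath(token, '42'), hardened };
  });
}

console.table(demo());
```

Validation comes first because percent-encoding alone depends on how the receiving server decodes the path.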

Sakurity discovered the security hole on February 8th and reported the vulnerability to Authy. Authy immediately began to resolve the issue in their Authy software, but required that all sites using the Authy system update their software to address the issue.

Coin Fire has since tested several cryptocurrency sites in order to report which sites may be currently impacted by the security hole. Coin Fire contributors Brendon, Mike, and Leo attempted the exploit on their own accounts at various cryptocurrency sites.

Coinbase and ZenMiner have resolved the security issue on their sites. As of 2:30pm EDT on March 17th, PayBase has not fully resolved the issue on the PayBase website.

https://youtu.be/Iww944vqeno

While Authy can be used by end users on sites using Google Authenticator, only sites that are directly using the Authy-node system seem to be impacted. Other exchanges, such as Poloniex and Circle, were not impacted by this security issue.

A user attempting to falsely log in to another user’s account must still have that individual’s initial login details.

Coin Fire

Coin Fire is a cryptocurrency news site started on June 6th of 2014. The site focused on hard-hitting investigative stories. Coin Fire was acquired by 99Bitcoins in October 2015.