Reddit user describes 2FA hack on Coss Exchange, over $850k stolen



A Reddit user has come out slamming Coss exchange for a security flaw he believes lost him a substantial amount of money on the exchange. The hackers managed to log into the client's account by brute-forcing the 2FA and cleared out most of the account's assets.

In the detailed Reddit post, user blockchainified describes how his account was hacked through brute-force entry, which eventually bypassed his 2FA security measure on the exchange.

According to evidence supplied by the user, failed login attempts in the thousands streamed into his email account while he was sleeping, until one finally succeeded. The user also shows evidence that his account had full account security enabled. Coss did send out an announcement stating that the user's password was obtained by the hacker; however, this does not explain how they managed to get past the 2FA.
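The control that stops thousands of guesses at a six-digit code is a per-account limit on failed second-factor attempts. The sketch below is an added example, not code from the Reddit post or from Coss; the class name, the threshold of 5 failures, the 15-minute lockout and the sample secret are all assumptions.

```python
import hashlib, hmac, struct, time

MAX_FAILURES = 5        # assumed threshold, not a value from the article
LOCKOUT_SECONDS = 900   # assumed lockout window

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactorGuard:
    """Counts failed 2FA codes per account (not per IP) and locks the account."""

    def __init__(self):
        self._state = {}  # account -> (consecutive failures, locked_until)

    def verify(self, account: str, secret: bytes, code: str, now: float = None) -> str:
        now = time.time() if now is None else now
        failures, locked_until = self._state.get(account, (0, 0.0))
        if now < locked_until:
            return "locked"  # code is not even evaluated while locked
        # Accept the current and previous time step to tolerate clock drift.
        valid = any(hmac.compare_digest(totp(secret, now - d).encode(), code.encode())
                    for d in (0, 30))
        if valid:
            self._state[account] = (0, 0.0)
            return "ok"
        if failures + 1 >= MAX_FAILURES:
            self._state[account] = (0, now + LOCKOUT_SECONDS)
            return "locked"
        self._state[account] = (failures + 1, 0.0)
        return "denied"

def simulate_guessing(guard, account, secret, guesses, start, rate=100.0):
    """Replay guessed codes at `rate` per second and tally the outcomes."""
    tally = {"ok": 0, "denied": 0, "locked": 0}
    for i, guess in enumerate(guesses):
        tally[guard.verify(account, secret, guess, now=start + i / rate)] += 1
    return tally

if __name__ == "__main__":
    secret, start = b"constructed-demo-secret", 1_700_000_000.0  # constructed inputs
    valid = {totp(secret, start), totp(secret, start - 30)}
    wrong = [f"{n:06d}" for n in range(5002) if f"{n:06d}" not in valid][:5000]
    print(simulate_guessing(SecondFactorGuard(), "victim", secret, wrong, start))
```

Because the counter is keyed on the account, spreading guesses across many source addresses does not reset it. The lockout also rejects the legitimate owner until it expires, so it is normally paired with an alert to the account holder.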

While the user claims Coss exchange should be held responsible for the hack, Coss have been assisting the client in recovering what funds they can.

All in all, the user claims that he lost 8 $BTC, 22 $ETH, and 11,700,00 $COSS. The user also had 19,000 $EOS, which was unaffected due to the EOS Node being down.

The user says the security flaw is the fault of Coss and that they should be held responsible for the loss in funds, stating: “The Exchange should bear the sole responsibility for the accident if its internal vulnerability allowed the hacker to accomplish his/her brute force attack.”

The user also suggests that exchanges add an extra layer of security, such as a trading password, to offer better protection. The user notes the only exchange that has such a feature is

The user appears to have lost in the region of $800,000, with other users also admitting that their accounts had been breached. However, Reddit being Reddit, apparently the user has been hacked on Binance before.



This is a perfect example that even with 2FA enabled on the exchange, you can’t be 100% certain that funds are safe all the time.

Keep your funds safe! Use cold storage like Ledger Nano S or Trezor. If you have some loose money available, consider Vo1t.