Coinbase has resolved a bug in its account activity logs that mistakenly led users to believe their credentials had been compromised.
The issue, first reported by BleepingComputer, caused login attempts that failed because of a wrong password to be incorrectly labeled as two-factor authentication (2FA) failures.
When threat actors tried to access accounts using incorrect passwords, Coinbase’s logs showed errors like “second_factor_failure” or “2-step verification failed,” implying that the correct password had been entered but the second authentication step had blocked the login. This caused widespread confusion, with many users fearing their accounts were breached despite having unique passwords and no signs of malware.
Coinbase confirmed the issue to BleepingComputer, explaining that login attempts failing at the password stage were mistakenly attributed to 2FA failures. The platform has since pushed an update, replacing the misleading messages with a clearer “Password attempt failed” label in the account activity logs.
The company acknowledged the importance of addressing bugs like this, as they can trigger unnecessary panic and open opportunities for social engineering attacks. Coinbase also reminded users that it never contacts customers via phone or text to request password or 2FA changes and urged everyone to remain vigilant against ongoing phishing and smishing campaigns.
Bijay Pokharel