Recent 2FA hacks
Posted: Sat Feb 08, 2025 4:58 am
There are several recent examples of 2FA being compromised. In August 2019, Twitter CEO Jack Dorsey’s account was hacked. 2FA protection did not prevent the attackers from posting a number of offensive messages on his account. A similar fate befell the cryptocurrency exchange Binance. As a result of the hack, it lost 7 thousand.
Many people think that compromising the 2FA system is a very difficult task. In fact, it is not. One of the easiest methods to hack authentication, especially in the US, is SIM swapping, where the attacker switches the target mobile phone number to a new number. This then receives all text messages, including SMS with 2FA verification codes, which gives the criminal access to the victim's payment and other systems.
Experts have also found that 2FA systems have been compromised by a number of malware programs. One of these is Cerberus, a type of Android-based malware. In February 2020, Cerberus was found to have bolivia mobile database to steal codes from Google Authenticator’s 2FA service. There is also TrickBot malware, which bypasses 2FA solutions by intercepting one-time codes sent by banking apps via SMS and push notifications.
Social engineering is also used to bypass 2FA protection. Attackers have learned to impersonate the target bank: in response to an attempt to connect to a bank profile, they ask the victim to “verify their identity” by revealing the secure code the bank has just sent them. “A lot of this stuff doesn’t require any real technical skills, and that’s really scary,” says Harding. “As the financiers joke, ‘You don’t need any technical skills to get into a bank account, you just need a little charm.’ The first cases we found of bypassing 2FA were actually related to social engineering.”
Many people think that compromising the 2FA system is a very difficult task. In fact, it is not. One of the easiest methods to hack authentication, especially in the US, is SIM swapping, where the attacker switches the target mobile phone number to a new number. This then receives all text messages, including SMS with 2FA verification codes, which gives the criminal access to the victim's payment and other systems.
Experts have also found that 2FA systems have been compromised by a number of malware programs. One of these is Cerberus, a type of Android-based malware. In February 2020, Cerberus was found to have bolivia mobile database to steal codes from Google Authenticator’s 2FA service. There is also TrickBot malware, which bypasses 2FA solutions by intercepting one-time codes sent by banking apps via SMS and push notifications.
Social engineering is also used to bypass 2FA protection. Attackers have learned to impersonate the target bank: in response to an attempt to connect to a bank profile, they ask the victim to “verify their identity” by revealing the secure code the bank has just sent them. “A lot of this stuff doesn’t require any real technical skills, and that’s really scary,” says Harding. “As the financiers joke, ‘You don’t need any technical skills to get into a bank account, you just need a little charm.’ The first cases we found of bypassing 2FA were actually related to social engineering.”