How I bypassed 2FA of the Top Cryptocurrency Company

Ashish Dhone
2 min readMay 5, 2020

Introduction

This article is a write up on how I found a 2FA Bypass vulnerability at one of the Top Cryptocurrency Company, no matter your account is blocked or not this bypass works and you are into the account!!

What is Two-Factor Authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security to your online accounts by asking for verification code after you sign in with your email address and password.

The verification code is generated by an application on your smartphone. To gain access to your account a potential attacker would need your email address, your password, as well as your phone.

Vulnerability exploitation

So this time my target was a Cryptocurrency company, Sorry I can't disclose the name of the company as it was as Private Program !!

This was an Android Application so I started my Emulator installed the application and started hunting for bugs. After some time I came across “Pin Code” which was asked every time when a user tries to log in to the account !!

I opened my burpsuite and started looking for the response after successfully validating the Pin Code.

  1. When a user login with correct…

--

--

Ashish Dhone
Ashish Dhone

Written by Ashish Dhone

Top Hacker’s Ranking in World | Best Bug Hunter @Microsoft MVR 2023 & 2024 @Apple 2022 @Google 2021 & 300+ | CRTP | LPT | CPENT | eWPTXv2 | CHFI | CEH | CVEs x4