Coinbase is working to fix a misleading account activity message that has left many users worried that their accounts are under attack.
The message, which reads “2-step verification failed” or “second_factor_failure,” has been causing confusion, making people believe their credentials were compromised.
Over the past few weeks, users have reported receiving phishing emails and texts claiming to be from Coinbase. After logging into their accounts to check for suspicious activity, they found multiple failed login attempts listed—along with the alarming 2FA failure message and unfamiliar locations. This led many to think hackers had their passwords and were only stopped by two-factor authentication (2FA).
These incidents prompted users to reset passwords, scan for malware, and in some cases, suspect a breach at Coinbase—especially since they were using strong, unique passwords and had no signs of infection on their devices.
However, it turns out the error message is misleading. According to testing done by BleepingComputer, the “2-step verification failed” message can also appear when someone tries to log in with the wrong password, not just when a correct password is followed by an incorrect 2FA code. This mislabeling made users think attackers had their correct passwords, which wasn’t the case.
Frustrated users also voiced their concerns on Reddit, saying the vague error message led them to panic. One user commented, “To me the error means someone has the pw but not 2FA, but that’s not what it means. It should probably say ‘invalid password’ if that’s what is happening.”
Coinbase has confirmed they are reviewing the error message and plan to make it clearer in the future, though no exact timeline has been provided. The company also warned that scammers are using this misleading error in social engineering attacks to trick users into believing their accounts are compromised
