Crypto exchange Coinbase has reportedly fixed a user interface error that incorrectly labeled failed password login attempts as "2-step verification failed" in account activity logs.

The mislabeling caused users to believe attackers had successfully used their passwords and were only stopped at the 2FA verification step, according to Lawrence Abrams, founder of cybersecurity-focused publication BleepingComputer, who identified the issue earlier this month.

The exchange has reportedly fixed the error by updating its system to show "Password attempt failed" when needed.

Per BleepingComputer, users reportedly spent hours checking their devices for malware and changing passwords because they took the notifications to mean that their accounts had been hacked.

Coinbase representatives did not immediately return Decrypt's request to confirm and comment on the matter.

Crypto UX challenges remain

Two-factor authentication (2FA) is a security process that makes your online accounts more secure by requiring at least two different ways to prove your identity before you can log in. It's one of a number of ways to protect your privacy online.

But when users encounter confusing interface elements, they may make wrong decisions in response.

In 1993, while working at Apple, Don Norman, founder of Nielsen Norman Group (NN/g), coined the term "user experience" to describe how a user can use apps "without fuss or bother."

According to the guidelines published by NN/g, error messages should use plain, understandable language.

The "cognitive complexity" of using crypto apps "represents a significant barrier" to crypto adoption, Alona Dobshynska, senior product manager at Collabera, wrote in a study on how to improve user experience in crypto apps.

Some 34.7% of crypto users classify themselves as "rookies" and show less confidence in managing their digital assets, according to a 2021 paper cited by Dobshynska, explaining why users protect their private keys in different ways.

"Crypto-asset users differ in their security and risk perceptions," the paper read.

Because users come from different levels of familiarity with crypto, their decisions and behavior affect how they practice their security, the researchers suggested.

The Coinbase UX incident is a case in point, illustrating how a small labeling mistake can set off security alarms among users—even though there was no real threat.