The Nasdaq-listed cryptocurrency exchange has revealed that at least 6,000 users have been victims of a hacking campaign to gain unauthorized access to Coinbase customer accounts. Hackers have also taken advantage of a flaw in Coinbase’s SMS account recovery process to gain access to user accounts.
Cryptocurrency of at least 6000 Coinbase customers stolen by hackers
Cryptocurrency exchange Coinbase reportedly notified more than 6,000 customers this week that their accounts had been hacked and funds removed. A copy of the letter is posted on the California Attorney General’s website. In the letter, the exchange explained:
Unfortunately, between March and May 20, 2021, I was the victim of a third party campaign to gain unauthorized access to Coinbase customer accounts and transfer customer funds outside the Coinbase platform. At least 6,000 Coinbase customers have had their funds removed from their accounts, including you.
The company said that in order to gain access to a Coinbase user account, hackers need to know the email addresses, passwords and phone numbers associated with the accounts, and have access to a personal email box. “This type of campaign typically includes phishing attacks or other social engineering techniques to trick the victim into inadvertently divulging login credentials to a bad actor.”
Coinbase also explained that “for customers using SMS for two-factor authentication, a third party took advantage of a flaw in Coinbase’s SMS account recovery process in order to receive an SMS two-factor authentication code and access your account.”
The exchange noted that once the hackers gained access to affected user accounts, “they were able to transfer your funds to crypto wallets that are not linked to Coinbase.”
The message also indicated that Coinbase updated its SMS account recovery protocols as soon as it became aware of the issue, adding:
We will deposit funds into your account equal to the value of the currency improperly removed from your account at the time of the accident. Some customers have already been compensated – we will ensure all affected customers get the full value of what they lost. You should see this reflected in your account no later than today.
The Nasdaq-listed cryptocurrency exchange also said it is conducting an internal investigation into the incident and the company is working closely with law enforcement to find the individuals behind the hack.
However, Coinbase insisted, “We have not found any evidence obtained by these third parties.” [user] Information from Coinbase itself.
What do you think of this security breach affecting more than 6000 Coinbase users? Let us know in the comments section below.
photo credits: Shutterstock, Pixabay, Wikicommons
disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the Company nor the author shall be liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.