The Nasdaq-listed cryptocurrency exchange Coinbase has disclosed that at least 6,000 customers were victims of a hacking campaign to gain unauthorized entry to the accounts of Coinbase customers. The hackers also took benefit of a flaw in Coinbase’s SMS Account Recovery process to realize entry to user accounts.
Cryptocurrencies of at Least 6000 Coinbase Customers Stolen by Hackers
Cryptocurrency trade Coinbase reportedly informed over 6,000 customers this week that their accounts had been compromised and funds have been eliminated. A duplicate of the letter is posted on the website of California’s Attorney General. Within the letter, the exchange defined:
Unfortunately, between March and May 20, 2021, you were a sufferer of a third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform. At least 6,000 Coinbase customers had funds removed from their accounts, including you.
In order to access a user account at Coinbase, the hackers needed to know the e-mail addresses, passwords, and phone numbers linked to the accounts, and have entry to a private e-mail inbox, the company mentioned. “This type of campaign usually entails phishing attacks or different social engineering techniques to trick a sufferer into unknowingly disclosing login credentials to a bad actor.”
Coinbase additionally explained that “for purchasers who use SMS texts for two-factor authentication, the third party took benefit of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”
The exchange noted that after the hackers got into the affected user accounts, they were “able to transfer your funds to crypto wallets unassociated with Coinbase.”
The letter additionally noted that Coinbase updated its SMS Account Recovery protocols as quickly because it discovered the problem, including:
We will be depositing funds into your account equal to the value of the currency improperly eliminated out of your account on the time of the incident. Some customers have already been reimbursed — we’ll ensure all clients affected obtain the total worth of what you lost. You need to see this reflected in your account no later than today.
The Nasdaq-listed cryptocurrency exchange also mentioned that it’s conducting an internal investigation into this incident and the company is working closely with law enforcement to search out the people behind this hack.
Nonetheless, Coinbase insisted, “We have not discovered any proof that these third parties obtained person information from Coinbase itself.”