At least 6,000 Coinbase users were robbed of their cryptocurrencies or fiat from March to May this year.
The accounts of 6,000 users were attacked on Coinbase
At the largest crypto exchange in the United States, hackers stole funds from approximately 6,000 users. The company has undertaken to reimburse all affected users.
According to a letter sent to affected customers, which was made available on the California Attorney General’s website, the exploits occurred sometime between March and May 20 this year, when an unauthorized third party gained access to the accounts of at least 6,000 Coinbase clients and withdrew undisclosed funds from them.
The exchange explained that the security breach was possible because the perpetrators had the e-mail address, password and phone number for each account. Coinbase was unable to determine how “these third parties gained access to this information”. These types of activities usually involve phishing attacks or other social engineering techniques that “cause the victim to unknowingly disclose their credentials.”
Even with the above information, the offenders would still have needed additional authentication to access the accounts. However, two-factor authentication via SMS had a flaw that they could exploit. “A third party took advantage of errors in the Coinbase SMS account recovery process to receive a two-factor SMS authentication token and gain access to your account.”
The perpetrators eventually managed to transfer funds from the compromised accounts.
The exchange said it had upgraded its authentication and other security protocols. In addition, Coinbase has promised to return the funds to the affected accounts in full. Some customers have already received a refund and the rest should be compensated “today at the latest”.