The Nasdaq-listed cryptocurrency exchange Coinbase has revealed that a minimum of 6,000 users were victims of a hacking campaign to achieve unauthorized access to the accounts of Coinbase customers. The hackers conjointly took advantage of a flaw in Coinbase’s SMS Account Recovery method to achieve access to user accounts.
Cryptocurrencies of a minimum of 6,000 Coinbase Customers taken by Hackers
Cryptocurrency exchange Coinbase reportedly sent over 6,000 customers in the week that their accounts had been compromised and funds were removed. A replica of the letter is announced on the web site of California’s Attorney General. within the letter, the exchange explained:
“Unfortunately, between March and May 20, 2021, you were a victim of a third-party campaign to achieve unauthorized access to the accounts of Coinbase clients and move customer funds off the Coinbase platform. At least 6,000 Coinbase customers had funds from their accounts, including you.”
“In order to access a user account at Coinbase, the hackers are required to have the email addresses, passwords, and phone numbers connected to the accounts, and have access to a private email inbox, the company said . “This sort of campaign usually involves phishing attacks or alternative social engineering techniques to trick a victim into unwittingly revealing login credentials to a foul actor.”
Coinbase further explained that “for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery method so as to receive an SMS two-factor authentication token and gain access to your account.”
The exchange noted that after the hackers got into the affected user accounts, they were “able to transfer your funds to crypto wallets unassociated with Coinbase.”
The letter conjointly noted that Coinbase updated its SMS Account Recovery protocols as soon as it learned of the problem, adding:
“We will be depositing funds into your account to adequately the worth of the currency improperly off from your account at the time of the incident. Some customers have already been reimbursed — we’ll guarantee all customers affected receive the total price of what you lost. you must see this reflected in your account no later than today.”
The Nasdaq-listed crypto exchange jointly mentioned that it’s conducting an inside investigation into this incident and therefore the company is functioning closely with law enforcement to seek out the people behind this hack.
Nonetheless, Coinbase insisted, “We haven’t found any proof that these third parties obtained [user] info from Coinbase itself.”