Cryptocurrency exchange Coinbase disclosed this week that hackers stole from at least 6,000 of its customers.
Coinbase is currently one of the largest and most accessible trading platforms available to cryptocurrency enthusiasts. Unfortunately, this makes the exchange a high-profile target for bad actors with malicious intent.
The attack took place between April and May 2021, according to a copy of the notification letter posted on the website of California's Attorney General. The attackers exploited a flaw in the company's SMS-based two-factor account recovery process: unauthorized third parties gained access to customer accounts and then moved the funds to crypto wallets outside Coinbase.
Coinbase informed impacted customers in the letter: “In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox. While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.”
“We have not found any evidence that these third parties obtained this information from Coinbase itself. Even with the information described above, additional authentication is required in order to access your Coinbase account. However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account. Once in your account, the third party was able to transfer your funds to crypto wallets unassociated with Coinbase.”
Unfortunately, this breach is not the first incident for Coinbase. In 2019, the exchange had to notify more than 3,400 users of an incident in which registration information was stored in plain-text logs. Around the same time, the exchange reportedly thwarted a highly sophisticated attack that used compromised academic email addresses. This year, the exchange mistakenly sent 125,000 emails to users informing them that their two-factor authentication settings had been changed.
Coinbase has set up a phone support line at 1 (844) 613-1499 for customers who have questions. It will also provide free credit monitoring, for an undisclosed period, to those affected.
Coinbase noted that it is still investigating the incident and is speaking with law enforcement about the issue.