The Nasdaq-listed cryptocurrency exchange Coinbase has revealed that at least, 000,000 users have been victims of hacking campaigns to gain unauthorized access to Coinbase customers’ accounts. Hackers took advantage of an error in Coinbase’s SMS account recovery process to gain access to the user’s account.
Cryptocurrency hackers have stolen at least 6,000 Coinbase customers
Cryptocurrency exchange Coinbase informed more than 1,000,000 customers this week that their accounts had been compromised and funds withdrawn. A copy of the letter has been posted on the California Attorney General’s website. In the letter, the exchange explained:
Unfortunately, between March and 20, 2021, you have been the victim of third party campaigns to gain unauthorized access to Coinbase customer accounts and to remove customer funds from the Coinbase platform. At least, 000,000 Coinbase customers have had their funds removed from your account, including you.
To access a user account on Coinbase, hackers need to know the email address, password and phone number associated with the accounts, and have access to a personal email inbox, the company said. “Such campaigns usually involve phishing attacks or other social engineering tactics so that a victim can unknowingly disclose a login certificate to a bad actor.”
Coinbase further explained that “for customers who use SMS text for two-factor authentication, third parties take advantage of Coinbase’s SMS account recovery process errors to obtain an SMS two-factor authentication token and gain access to your account.”
The exchange noted that once hackers entered the affected user’s account, they were able to “transfer your funds to a crypto wallet associated with Coinbase.”
The letter further stated that Coinbase had updated its SMS account recovery protocol as soon as it became aware of the issue, adding:
We will deposit funds in your account equal to the value of the currency unjustly deleted from your account at the time of the incident. Some customers have already been refunded – we will ensure that all customers get the full value of what you lost. It should be reflected in your account after today.
The Nasdaq-listed crypto exchange further said it was conducting an internal investigation into the incident and was working closely with law enforcement agencies to find the people behind the hack.
Nonetheless, Coinbase insisted, “We have not received any evidence of this third party receipt [user] Information from Coinbase. “
What do you think about this security breach affecting more than 6,000 Coinbase users? Let us know in the comments section below.
Image credit: Shutterstock, Pixabay, WikiCommons
Denial: This article is for informational purposes only. It is not a direct offer or request for a purchase or sale offer, nor is it a recommendation or approval of a product, service or company. Bitcoin.com does not provide investment, tax, legal, or accounting advice. The Company or the Author is not directly or indirectly responsible for any loss or damage caused by or in connection with the use or reliance on any content, product or service referred to in this article.