6,000 Coinbase Customers Had Funds Stolen This Spring

6,000 Coinbase Customers Had Funds Stolen This Spring

October 1, 2021

Key Takeaways

  • 6,000 Coinbase users were the victim of theft this spring.
  • Attackers likely gained user information through a phishing attack, though Coinbase admitted to a flaw in its 2FA system.
  • Coinbase has compensated the users affected.

At least 6,000 Coinbase customers were the victims of theft this spring, according to a newly available breach notification letter.

Attackers Likely Used Phishing Attacks

Coinbase’s letter explains that between March and May 2021, attackers gained unauthorized access to 6,000 accounts.

The attackers did so by obtaining email addresses, passwords, and phone numbers, and by gaining access to email inboxes.

Coinbase suggested that this was likely accomplished through phishing attacks against the victims, as opposed to a breach that accessed Coinbase’s own user databases.

“We have not found any evidence that these third parties obtained this information from Coinbase itself,” the exchange said.

However, Coinbase did admit to a “flaw in [its] SMS Account Recovery process” that allowed the attackers to complete two-factor authentication (2FA) and access user accounts.

Once attackers gained access to user accounts, they were able to transfer cryptocurrency funds to their own wallet addresses.

Coinbase Users Have Been Compensated

Coinbase expressed plans to compensate users and said that “some customers [had] already been reimbursed” by the time the letter was sent. It also set up a dedicated phone support line.

In a statement to Reuters, a Coinbase spokesperson implied that the issue has largely been resolved. “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost,” they said.

In August, CNBC and other news outlets reported that Coinbase had failed to provide support after hackers stole user funds. It is unclear whether these incidents are related.

The exchange has not revealed the amount of funds that may have been stolen, either in fiat currency or in Bitcoin.

Disclaimer: At the time of writing this author held less than $75 of Bitcoin, Ethereum, and altcoins.

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Source: Read Full Article