Coinbase has informed more than 6,000 customers that they have been hacked. The hackers used an unusual vulnerability in the SMS account recovery process, which gave them access to personal information and wallets. The American crypto exchange has already said that all affected customers will have the stolen assets refunded automatically.
According to the letter posted on the Attorney General of California’s website, the hack occurred between March and May 20, 2021. The letter seen by Hackread.com states that unauthorized third parties identified and exploited a vulnerability in the SMS account recovery process of Coinbase and were able to gain access to the accounts. They transferred funds to crypto wallets that weren’t associated with the exchange, Coinbase clarified.
“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,” the letter stated.
The hackers had previously secured e-mail addresses, passwords, and phone numbers associated with the impacted accounts, according to Coinbase’s letter.
The attacks reportedly happened between March and May 20th of 2021. Coinbase claims no evidence has been found suggesting that personal information was taken from the exchange itself.
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor,” said Coinbase in the letter.
Although Coinbase did not disclose the amount pilfered during the breach, it has stated that it will reimburse users for the losses they suffered due to the incident. The firm announced that it had updated its SMS Account Recovery protocols to prevent such an incident from recurring.
The exchange has gone the extra mile to set up a dedicated phone line for users who were directly affected and might have questions surrounding the incident. Credit monitoring will be made available to users if such a service is available in their jurisdiction.
As reported before, a growing number of users of Coinbase have found their accounts on the platform empty after hackers managed to gain access to them and drain their cryptocurrency wallets. In addition, many customers were unable to reach Coinbase’s support after the incident occurred.
Since 2016, Coinbase users have filed more than 11,000 complaints against the company with the United States Federal Trade Commission and Consumer Financial Protection Bureau.