US cryptocurrency exchange Coinbase reported that over 6,000 users on its platform were hacked.
The company revealed in a letter published on the website of California’s Attorney General that the incident happened between March and May this year and involved at least 6,000 users having their accounts compromised.
In the letter, Coinbase wrote “Unfortunately, between March and May 20, 2021, you were a victim of a third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform. At least 6,000 Coinbase customers had funds removed from their accounts, including you.”
Coinbase’s Flawed System
According to Coinbase, the hack was possible because the hackers had prior knowledge of the email addresses, passwords, and phone numbers associated with users’ Coinbase accounts, as well as access to the users’ email inboxes.
According to Coinbase, this type of access is only possible when hackers obtain credentials through phishing attacks or social engineering techniques that lead victims to submit their login details without suspicion.
The company said this information was not obtained from Coinbase itself and that, on its own, it would not be enough to take funds out of users’ wallets.
Instead, the hackers relied on a flaw in Coinbase’s SMS Account Recovery process to receive an SMS two-factor authentication token and gain access to the affected accounts. This affected only customers who used SMS 2FA.
Coinbase Patches Flawed System; Reimburses Victims
The company said it had updated the SMS Account Recovery Protocol to prevent future attempts to gain access to users’ accounts through the protocol.
It also said it will be reimbursing all victims of the attack with the equivalent of the amount stolen.
Personal Information Exposed
The firm revealed that certain personal information of users was compromised in the attack, including full name, home address, email address, date of birth, IP addresses on account activity, transaction history, account holdings, and balance. While these details have been changed in the accounts, the firm said it will work to restore any changed emails or phone numbers to their original state before the unauthorized access.
The exchange didn’t reveal how much was stolen from users but encouraged users to use stronger methods of securing their accounts and to change their email and Coinbase account passwords.