More than 6,000 Coinbase users have had money stolen from their accounts, and Coinbase claims it will refund them. A phishing effort that exploited SMS authentication was to blame for the intrusions. The hacker was unable to access any of the company’s servers because they were secure. According to Bleeping Computer, bad actors were able to compromise the accounts of approximately 6,000 Coinbase users and steal bitcoin.
According to the cryptocurrency exchange, between April and early May 2021 its security team discovered a large-scale phishing effort aimed at its customers. Some users may have unwittingly provided hackers with their usernames and passwords as a result of the spam emails. It got worse. Even those who had multi-factor authentication turned on had it turned off.
Coinbase’s Major Security Breach
Cryptocurrency giant Coinbase has revealed that “at least 6,000 Coinbase customers” had funds removed from their accounts in recent phishing campaigns that saw hackers circumvent an SMS-based authentication feature the company used to secure many accounts.
The phishing effort was initially brought to light in August, but the full extent of the attack was only revealed when a letter written by the business to those who had been targeted became public knowledge.
According to the letter, hackers were able to access the email accounts of victims and then exploit the stolen accounts to steal bitcoin from those individuals. The SMS version of Coinbase’s “two-factor authentication,” in which customers get a text message to authenticate a transaction, fell to the hackers even though it is a frequently used security feature.
Coinbase Will Refund Customers
For customers who use SMS texts for two-factor authentication, the third party used a vulnerability in Coinbase’s SMS Account Recovery procedure to obtain an SMS two-factor authentication token and gain access to the account. For its part, Coinbase claims it will compensate clients who have been victimized by this latest cyberattack and that it has already started making them whole. The company didn’t say how much money the hacker(s) took in total.
According to Coinbase’s client letter, the company fixed its SMS Account Recovery procedures immediately after learning of the problem. Everyone who has lost crypto as a result of the incident will be reimbursed. If you were a victim of the attack, you’ll want to double-check the security of all your other accounts to make sure no one else has access to the sensitive information that was stolen.