Approximately 6,000 Coinbase customers lost their cryptos, when they were stolen by hackers. Entry was gained by hackers when they exploited a vulnerability allowing them to bypass Coinbase’s SMS multi-factor authentication feature. According to BleepingComputer, citing a notification from Coinbase to its users, the incident took place between March and May 20, 2021.
The vulnerability helped the hackers to bypass Coinbase’s SMS multi-factor authentication feature. In fact, attackers just needed the customers’ email addresses, passwords, and phone numbers to steal their cryptocurrencies. “While it is unknown how the threat actors gained access to this information, Coinbase believes it was through phishing campaigns targeting Coinbase customers to steal account credentials, which have become common. Additionally, banking trojans traditionally used to steal online bank accounts are also known to steal Coinbase accounts,” BleepingComputer commented.
The flaw allowed hackers to transfer funds to third-party wallets not associated with Coinbase. “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost,” a Coinbase spokesperson told Reuters. However, the US-listed company doesn’t believe that information was extracted from the firm itself as of press time.
Suggested articles
BrokerTested.com Deposited Over $150K with 33 Brokers to Test ThemGo to article >>
Victims Compensation
To compensate victims, Coinbase issued the following statement: “We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today.”
Still, it’s unclear if Coinbase will reimburse hacked customers with the stolen crypto or fiat currency, BleepingComputer noted. Recently, the US-listed cryptocurrency exchange announced that it would add phone support and deploy a series of measures to strengthen its customer support area at the end of the year.