A suspected phishing attack has led to at least 6,000 of Coinbase’s users having cryptocurrency stolen from their accounts.
The Nasdaq-listed crypto exchange sent a breach notification letter to affected customers notifying them of the hack, which is believed to have taken place between March and 20 May this year.
The hackers gained access to users’ email addresses, passwords, and phone numbers, but Coinbase has said it cannot confirm exactly how this data was obtained.
“In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox,” an excerpt from the letter reads.
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. We have not found any evidence that these third parties obtained this information from Coinbase itself.”
Although exactly how the hackers acquired users’ data is unknown, Coinbase did acknowledge that “the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account”.
The company has fixed this flaw and is now in the process of reimbursing the accounts that funds were stolen from.
This attack marks the latest in a string of recent hacks and impersonations against crypto-based businesses. With such a major exchange as Coinbase now being successfully infiltrated, security concerns surrounding the crypto industry are sure to re-emerge.