On Sunday 24, Coinbase revealed a hack to the California Department of Justice. The disclosure says that between March and May 20, 2021, malicious actors hacked into the accounts of up to 6,000 customers via a vulnerability in SMS multi-factor authentication.
Find out how smart money plays the crypto game. Subscribe to our premium newsletter – Crypto Investor.
Coinbase claims that in order to gain access to these accounts, these hackers were given access to the email addresses, passwords, and phone numbers associated with the Coinbase accounts. Coinbase states that they are unable to determine exactly how hackers gained access to this information, but that this is usually done through phishing or social engineering techniques.
Fortunately, Coinbase has said that those who have been exposed to these hacks will be fully reimbursed and the company has already set up a dedicated support number.
“We will deposit funds into your account equal to the value of the currency improperly withdrawn from your account at the time of the incident. Some customers have already been refunded – we will ensure that all affected customers receive the full value of what you have lost. “
This means those who have been exposed may already be aware and have been contacted by Coinbase. Personal information that has been disclosed during the process includes full names, email and personal addresses, birthdays, IP addresses, transaction histories, holdings and account balances.
A company spokesperson told Insider they found a large-scale phishing campaign showing “particular success in bypassing spam filters on some older email services.”
Coinbase is now strongly encouraging more robust methods of account authentication other than SMS and password changes. It is still unclear the amount and dollar value of the lost cryptocurrency or who is responsible.
This story is developing.