6,000 Coinbase Customers Had Funds Stolen This Spring
Though individuals were targeted by phishing attacks, Coinbase admitted to a flaw in its 2FA system.
- 6,000 Coinbase users were the victim of theft this spring.
- Attackers likely gained user information through a phishing attack, though Coinbase admitted to a flaw in its 2FA system.
- Coinbase has compensated the users affected.
Share this article
At least 6,000 Coinbase customers were the victims of theft this spring, according to a newly available breach notification letter.
Attackers Likely Used Phishing Attacks
Coinbase’s letter explains that between March and May 2021, attackers gained unauthorized access to 6,000 accounts.
The attackers did so by obtaining email addresses, passwords, and phone numbers, and by gaining access to email inboxes.
Coinbase suggested that this was likely accomplished through phishing attacks against the victims, as opposed to a breach that accessed Coinbase’s own user databases.
“We have not found any evidence that these third parties obtained this information from Coinbase itself,” the exchange said.
However, Coinbase did admit to a “flaw in [its] SMS Account Recovery process” that allowed the attackers to complete two-factor authentication (2FA) and access user accounts.
Once attackers gained access to user accounts, they were able to transfer cryptocurrency funds to their own wallet addresses.
Coinbase Users Have Been Compensated
Coinbase expressed plans to compensate users and said that “some customers [had] already been reimbursed” by the time the letter was sent. It also set up a dedicated phone support line.
In a statement to Reuters, a Coinbase spokesperson implied that the issue has largely been resolved. “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost,” they said.
In August, CNBC and other news outlets reported that Coinbase had failed to provide support after hackers stole user funds. It is unclear whether these incidents are related.
The exchange has not revealed the amount of funds that may have been stolen, either in fiat currency or in Bitcoin.
Disclaimer: At the time of writing this author held less than $75 of Bitcoin, Ethereum, and altcoins.