Crypto exchange Coinbase says that bad actors have stolen crypto assets from at least 6,000 traders this year.
In a letter posted on the California Attorney General website, Coinbase says hackers took advantage of a flaw in the exchange’s SMS Account Recovery process to receive an SMS two-factor authentication token and gain access to the funds, which they then transferred to wallets unassociated with the exchange.
The hackers had previously secured e-mail addresses, passwords, and phone numbers associated with the impacted accounts, according to Coinbase’s letter.
Coinbase claims no evidence has been found suggesting that personal information was taken from the exchange itself.
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.”
The attacks reportedly happened between March and May 20th of 2021.
Coinbase says they have updated their SMS Account Recovery protocols “to prevent any further bypassing of that authentication process.” The exchange also says they plan to fully reimburse customers.
The company adds that they are conducting an internal investigation and are working with law enforcement to determine who was behind the attack.