Crypto exchange Coinbase says that bad actors have stolen crypto assets from at least 6,000 traders this year.
In a letter posted on the California Attorney General website, Coinbase says hackers took advantage of a flaw in the exchange’s SMS Account Recovery process to receive an SMS two-factor authentication token and gain access to the funds, which they then transferred to wallets unassociated with the exchange.
The hackers had previously secured e-mail addresses, passwords, and phone numbers associated with the impacted accounts, according to Coinbase’s letter.
Coinbase claims no evidence has been found suggesting that personal information was taken from the exchange itself.
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.”
The attacks reportedly happened between March and May 20th of 2021.
Coinbase says they have updated their SMS Account Recovery protocols “to prevent any further bypassing of that authentication process.” The exchange also says they plan to fully reimburse customers.
The company adds that they are conducting an internal investigation and are working with law enforcement to determine who was behind the attack.
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/unicro