At Least 6,000 Coinbase Clients Robbed This Spring, Exchange Reimburses Losses

Coinbase Crime Cryptocurrency Security
Last updated:
Author
Author
Linas Kmieliauskas
Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.
Source: Coinbase

US-based crypto exchange giant Coinbase confirmed that between March and May 20th, 2021, a threat actor stole cryptocurrency from at least 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature, BleepingComputer reported, citing a Coinbase notification to customers.

Coinbase confirmed to Cryptonews.com that the notification is authentic.

In either case, on September 27, the exchange also confirmed that between April and early May 2021, their security team “observed a significant uptick in Coinbase-branded phishing messages targeting users of a range of commonly used email service providers.” Back then, the exchange said that “in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account.” However, no specific numbers were provided.

Meanwhile, per BleepingComputer, to conduct the attack, the attackers needed to know the customer’s email address, password, and phone number associated with their Coinbase account and have access to the victim’s email account. 

Also, Coinbase states a vulnerability existed in their SMS account recovery process, allowing the hackers to gain the SMS two-factor authentication token needed to access a secured account, the report said. Customers’ personal information was also exposed, including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances, it added.

Per the notification, Coinbase is depositing funds in affected accounts equal to the stolen amount and some customers have already been reimbursed.

Also, the exchange encouraged their clients to:

  • Use even stronger than SMS-based two-factor authentication, such as time-based one-time password (TOTP) or a hardware security key,
  • Change the password on your Coinbase account to a new, strong, and unique password that you do not use on any other site,
  • Monitor your personal accounts and free credit reports for any suspicious activity,
    consistent with best practices for the next 12-24 months.
     

____
Learn more: 
How to Prevent Crypto Theft – And Whom to Blame When It Does Happen 
SushiSwap’s MISO Suffers USD 3M Attack, Contract Thefts May Rise

A Tale of Two Hacks: Poly Hacker Bows Out, Liquid to Restore Operations 
Crypto Sector World’s 3rd Industry in Phishing Attacks Growth

More Articles

Blockchain News
Fireblocks Sets Up Tokyo Office to Strengthen Asia-Pacific Presence
Jai Pratap
Jai Pratap
2024-12-12 03:55:06
Blockchain News
Russian Scientists Say They’ve Developed a Solution to ‘Fight BTC, ETH-powered Crime’
Tim Alper
Tim Alper
2024-12-12 03:00:00
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors