Coinbase has revealed that it suffered a phishing attack in which at least 6,000 of its users were allegedly robbed.
The hacking attack reportedly took place between March and May 2021, and the company said it has begun refunding the drained accounts.
Coinbase and the phishing attack
In a letter to users, crypto giant Coinbase explained that it had suffered a phishing attack between March and May 2021 and that hackers had robbed at least 6,000 of its users.
Specifically, here’s how it explains the phishing attack in the letter:
“In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox. While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor”.
According to Coinbase, the hackers were able to obtain users’ login credentials and enter their wallets to make transfers.
Coinbase specifies that even users protected by two-factor authentication (2FA) would still have been hacked, due to a flaw in Coinbase’s SMS account recovery process.
Coinbase and the refund solution to the 6,000 affected users
Although it is unclear how the hackers got hold of the credentials of the platform’s users, Coinbase is promising a refund.
“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost”.
At the moment, the total amount robbed and to be refunded has not been stated. The crypto giant is reportedly rolling out an update to its SMS-based 2FA that should make it stronger in protecting accounts.
Coinbase is urging users to change their passwords and use all the security measures suggested by the platform.
After various speculations, the phishing attack is now confirmed
The revelation of the phishing attack suffered by Coinbase confirms what was already claimed in August 2021.
At that time, many users with hacked Coinbase accounts had voiced their disappointment. Among others, Tanja and Jared Vidovic reported that they had lost $168,000 in crypto assets, which were of course stored on Coinbase.
According to their account, the owners of the stolen accounts had received security alerts, and as soon as they accessed their accounts, they discovered that they had been robbed.