On Sunday the 24th Coinbase disclosed a hack to the California Department of Justice. The disclosure states that between March and May 20, 2021, bad actors hacked the accounts of as many as 6,000 customers via a vulnerability in SMS multi-factor authentication.
Learn how smart money is playing the crypto game. Subscribe to our premium newsletter – Crypto Investor.
Coinbase claims that in order to access these accounts these hackers gained access to the email addresses, passwords and phone numbers associated with Coinbase accounts. Coinbase states that they are unable to determine exactly how the hackers managed to access this information but that this is typically done via phishing or social engineering techniques.
Fortunately, Coinbase has said that those who were exposed to these hacks will be fully refunded and the company has already set up a dedicated support number.
“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost.”
This means that those who were exposed may already be aware and have been contacted by Coinbase. Personal information that has been released in the process includes full names, email and home addresses, birthdays, IP addresses, transaction histories, account holdings and balances.
A spokesperson for the company told Insider that they found a large-scale phishing campaign showing “particular success in bypassing the spam filters of certain, older email services.”
Coinbase is now strongly encouraging stronger methods of account authentication other than SMS and password changes. It is still unclear the amount and dollar value of the cryptocurrency lost or who is responsible.
This story is developing.