Coinbase says 6,000 customers had their accounts breached
- Coinbase announced recently that threat actors accessed the accounts of 6,000 customers and stole funds.
- The threat actors exploited a flaw in Coinbase’s SMS recovery process to access accounts.
- Coinbase says there has been a surge in the level of phishing attacks.
Crypto exchange Coinbase reported that threat actors took advantage of its SMS account recovery process to infiltrate users accounts.
The report revealed that the threat actors accessed crypto funds from 6,000 Coinbase accounts, although the financial value of the theft was not disclosed.
Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.
This is not the first time Coinbase has suffered a breach. Earlier this year, hackers succeeded in bypassing its multi-factor authentication (MFA) feature, but the exchange reported that the damage was curtailed.
Coinbase Suspects a Phishing Attack
Coinbase said the attackers had access to the user’s phone number, email address, and password, which is how they were able to steal the funds. While Coinbase isn’t sure how the attackers got these details from the users, the exchange pointed out that the vulnerability in the account recovery process possibly let the attackers in.
Coinbase also says it suspects that the attackers used phishing methods to get the personal details of the targeted victims, leading to the theft of their funds.
The exchange announced that the hacking incident occurred between March and May this year. It has already sent notifications to the affected customers and reported the incident to the California state Attorney General’s office.
A Surge in The Success Rate of Phishing Attacks
Before Coinbase’s announcement of the attack, the exchange warned earlier this week about the increasing level of phishing attacks. It noted that threat actors are recording higher success rates in such type of attack and users need to be extra careful with their passwords.
The company’s security team stated that it has seen a rise in Coinbase-branded phishing messages. Some of these attacks are recording high levels of success when it comes to bypassing spam filters of older email services.
To help users understand what they are dealing with, Coinbase has provided some samples of the phishing attack emails it has seen. Coinbase has received a fair share of criticism for its poor customer service after affected customers were not able to reach the company’s support staff. As a result, thousands of customers have made their frustration known on various social media platforms.