Photo by Mika Baumeister on Unsplash https://unsplash.com/s/photos/hacker?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText https://unsplash.com/@mbaumi?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
Thousands of Coinbase customers are seeking reimbursements from the cryptocurrency trading platform after a phishing attack via a flawed two-factor authentication system gave hackers access to their accounts and stole their digital assets.
Coinbase announced on Oct. 1 that it had notified more than 6,000 customers about hackers getting access to their accounts and stealing their crypto. The theft happened between March and May 2021.
The hackers drained some accounts, according to an undated letter sent by Coinbase to customers. The letter was posted on the website of California Attorney General.
“We’re notifying those customers directly who lost funds as a result of this specific issue and helping to reimburse them for any loss that occurred during the attack,” Coinbase told PC Gamer in response to inquiries about the hacking incidence. “Please note, this reimbursement is limited to those customers we’ve confirmed were victims of this attack and lost funds as a result.”
It was not clear how much of the cryptocurrency was lost during the three-month-long hack.
In addition to reimbursing the funds, Coinbase said it will provide free credit monitoring service to customers. It suggested customers use a non-text-based two-factor-authentication mechanism and change the password of their Coinbase account and the password of the associated email address.
The trading platform explained that unauthorized third parties exploited a flaw in the company’s SMS (text) account recovery process to gain access to the accounts, and transferred funds to crypto wallets not associated with Coinbase.
Coinbase said it updated its SMS account recovery protocols as soon as it became aware of the problem and encouraged customers to secure their accounts with a time-based one-time password or a hardware security key.
“As soon as Coinbase learned of this issue, we updated our SMS Account Recovery protocols to prevent any further bypassing of that authentication process,” Coinbase said in the notification letter.
Unconfirmed reports of hackers accessing and draining the crypto wallets of Coinbase customers first surfaced in August. In September, the company had to reassure its users that an email they received about the change in their two-factor authentication settings was sent erroneously.
Listen to GHOGH with Jamarlin Martin | Episode 74: Jamarlin Martin Jamarlin returns for a new season of the GHOGH podcast to discuss Bitcoin, bubbles, and Biden. He talks about the risk factors for Bitcoin as an investment asset including origin risk, speculative market structure, regulatory, and environment. Are broader financial markets in a massive speculative bubble?
