Coinbase – one of the largest and most popular cryptocurrency exchanges in the world – was the victim of a hack. It appears roughly 6,000 customers were affected between the months of March and May of this year.
Coinbase Compromised; Customers Lose a Lot of Dough
These customers of Coinbase had money stolen by the hackers. They also had their personal information exposed, such as their IP addresses, their birthdates, social security numbers, and their account balances. In a letter, Coinbase told affected customers the following:
In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox. While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor… We have not found any evidence that these third parties obtained this information from Coinbase itself. Even with the information described above, additional authentication is required to access your Coinbase account. However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process to receive an SMS two-factor authentication token and gain access to your account. Once in your account, the third party was able to transfer your funds to crypto wallets unassociated with Coinbase.
Coinbase has been under the gun as of late considering it has gotten rid of its customer service department following the introduction of the coronavirus to global economies. As it turns out, many customers have experienced situations like this in which they lost money or had funds stolen at the hands of hackers.
However, Coinbase allegedly told them that it was either not the company’s responsibility or the firm chose to ignore the individuals altogether. One couple from the United Kingdom claims to have lost more than $20,000 at the hands of the hackers. They were reportedly contacted by the cyberthieves through a phishing scam and were told the scammers worked for both Binance and Coinbase. They then proceeded to break into the couple’s wallet and move money without permission.
Getting the Money Back
The couple stated in an interview:
At first, we thought it might be some mistake or a glitch, but since their knowledge base had no option that covered any bugs or glitches, we decided to inform Coinbase that my husband’s account has been compromised, but all we got back was a password reset request.
Th exchange has set up an emergency hotline for anyone who has been affected. It says it has already compensated many of the hacked individuals and is now working with law enforcement to find out what happened.