Crypto exchange Coinbase reported that threat actors took advantage of its SMS account recovery process to infiltrate user accounts.
The report revealed that the threat actors accessed crypto funds from 6,000 Coinbase accounts, although the financial value of the theft was not disclosed.
Looking for quick news, tips, and market analysis? Sign up for the Invezz newsletter today.
This is not the first time that Coinbase has suffered a breach. Earlier this year, hackers managed to bypass its multi-factor authentication (MFA) feature, but the exchange reported that the damage was reduced.
Coinbase suspects a phishing attack
Coinbase said the attackers had access to the user’s phone number, email address, and password, which is how they were able to steal the funds. While Coinbase is not sure how the attackers obtained these details from users, the exchange noted that the vulnerability in the account recovery process possibly let the attackers in.
Coinbase also says that it suspects that the attackers used phishing methods to obtain the personal data of the targeted victims, leading to the theft of their funds.
The exchange announced that the hacking incident occurred between March and May of this year. He has already sent notifications to affected customers and reported the incident to the California State Attorney General’s office.
Increased success rate of phishing attacks
Before the announcement of the Coinbase attack, the exchange warned earlier this week of the increasing level of phishing attacks. He noted that threat actors are seeing higher success rates in this type of attack and users need to be very careful with their passwords.
The company’s security team stated that it has seen an increase in phishing messages with the Coinbase brand. Some of these attacks are having high levels of success when it comes to bypassing the spam filters of older email services.
To help users understand what they are dealing with, Coinbase has provided some samples of the phishing attack emails it has seen. Coinbase has received its fair share of criticism for its poor customer service after affected customers were unable to reach the company’s support staff. As a result, thousands of customers have made their frustration known on various social media platforms.
Invest in cryptocurrencies, stocks, ETFs, and more, in minutes with our preferred broker, eToro
67% of retail CFD accounts lose money