Thousands of Coinbase users received letters last week informing them that monies had been taken from their accounts during an assault earlier this year.
Threat actors took money from the accounts of at least 6,000 consumers between March and May 20, 2021, according to a data breach notification letter filed with the California Attorney General by the cryptocurrency trading platform.
The American corporation claims that “you were a victim of a third-party campaign to acquire unlawful access to Coinbase clients’ accounts and take consumer assets off the Coinbase network.”
According to Coibase, the attack was complicated, and it could only have been carried out if the attackers had prior knowledge of the victim’s email address, password, and phone number associated with their Coinbase account. The attackers also required access to the victim’s email account.
The information does not appear to have come from Coinbase itself, according to the cryptocurrency exchange.
“While we are unable to conclusively determine how these third parties obtained access to this information,” Coinbase explains, “this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.”
The attackers also used a flaw in the exchange platform’s SMS Account Recovery process to get SMS two-factor authentication tokens and gain access to the target accounts, according to the platform. To prevent additional exploitation, Coinbase has modified its SMS Account Recovery methods.
“Funds equal to the value of the currency wrongfully withdrawn from your account at the time of the incident will be deposited into your account. “We will ensure that all customers affected receive the full value of what you lost,” Coinbase states. Some customers have already been refunded.
The platform also acknowledges that the breach resulted in the exposure of users’ personal information. Full names, residences, birth dates, email addresses, IP addresses, account holdings and balances, and transaction history were all accessible to the attackers.
“The third party who accessed your account may have modified your account’s email, phone number, or other information. The bitcoin exchange ends, “We are striving to restore any modified emails or phone numbers to their original status prior to the unlawful activity.”
Users of Coinbase should switch from SMS to a more secure two-factor authentication technique and update their passwords for both their exchange account and their email account.