Coinbase customers.

About the Hack

According to the letter posted on the Attorney General of California’s website, the hack occurred between March and May 20, 2021. The letter seen by states that unauthorized third parties identified and exploited a vulnerability in the SMS account recovery process of Coinbase and were able to gain access to the accounts. They transferred funds to crypto wallets that weren’t associated with the exchange, Coinbase clarified.

In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account, the letter stated.

Coinbase’s Response

A spokesperson of Coinbase stated on Friday that the company immediately fixed the flaw and is working to reimburse the customers for the funds they have lost and help them regain control of their accounts.

Screenshot of the letter sent by Coinbase:

Hackers exploit 2FA flaw to steal funds of 6000 Coinbase users

Hackers exploit 2FA flaw to steal funds of 6000 Coinbase users

The letter further states that depending on what information users have in their account, the “third party” who accessed their Coinbase account would have been able to view the following information:

  • Full name
  • Date of birth
  • IP addresses
  • Email addresses
  • Home addresses
  • Account balance
  • Account holdings
  • Transaction history

The exchange aims to deposit funds into the customers’ accounts “equal to the value of the currency improperly removed from your account at the time of the incident.”

Furthermore, Coinbase Inc. has initiated an internal investigation as well as working closely with law enforcement to find out who’s behind the hacking.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Posted by Charlie