Coinbase is working with law enforcement to support its investigation into the individuals behind the hack.
Coinbase, the world’s second-largest crypto exchange, has initiated a probe into a hack that left at least 6,000 customers’ accounts drained of funds.
In a notice to affected customers, which was published on the website of California’s Attorney General, Coinbase said a third-party campaign to gain unauthorised access to the accounts of Coinbase customers occurred between March and May 2021. At least 6,000 Coinbase customers had funds removed from their accounts.
To execute the theft, hackers breached Coinbase’s SMS account recovery process and the two-factor authentication (2FA) function using phishing attempts. This enabled them to gain access to passwords and customer accounts before transferring funds to crypto wallets not associated with Coinbase.
Coinbase said the hackers needed access to email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and access to personal email inboxes.
Obtaining this information typically involves phishing attacks or other social engineering techniques that trick victims into unknowingly disclosing their login credentials, Coinbase said. “We have not found any evidence that these third parties obtained this information from Coinbase itself.”
Coinbase is reimbursing some of the affected customers who were victims of the hack, but it has not yet recovered the lost funds.
Coinbase has advised customers currently using SMS-based two-factor authentication to use stronger methods of securing their Coinbase accounts, such as a time-based one-time password (TOTP) or a hardware security key.
Coinbase said it has been working closely with law enforcement to support its investigation into the individuals behind the incident.