Coinbase is one of the top ten biggest cryptocurrency exchanges by 24-hour volume in the world. It provides services to over 68 million users and has a market cap of around $65 billion according to CNBC. Unfortunately, that makes it a pretty attractive target for cybercriminals, and it has recently come to light that 6000 Coinbase customers have had money stolen from their accounts.
The crypto exchange sent out a notification detailing the hack to customers affected by it.
“Unfortunately, between March and 20 May 2021, you were a victim of a third-party campaign to gain unauthorised access to the accounts of Coinbase customers and move customer funds off the Coinbase platform. At least 6 000 Coinbase customers had funds removed from their accounts, including you,” reads the message.
The message goes on to explain that these kinds of attacks typically involve hackers finding some way to acquire login credentials from victims, such as through phishing. Coinbase notes that it has yet to discover any evidence that these credentials were leaked from someone within the company itself.
Even with initial login information on hand, attackers would still have had to bypass additional authentication measures to access customers’ accounts. The company does specify that the attackers took advantage of its account recovery process to receive an SMS two-factor authentication token for accounts whose additional authentication was set up that way.
In response, the crypto exchange updated this system to prevent further breaches.
Additionally, Coinbase advised customers using an SMS-based authentication system to change their authentication method to something stronger, or at least different.
The company is currently working with law enforcement to root out those responsible for the attack. It is also in the process of reimbursing all affected customers the full amount they lost in the attack.
However, the ride isn’t over for affected clients just yet. By accessing users’ Coinbase accounts, attackers would have been able to see an unsettling amount of personal information, such as full names, home addresses, IP addresses, email addresses, and more. In light of this, the company recommends that affected individuals assess all of their online security.
“We also strongly encourage you to change the password on your Coinbase account to a new, strong and unique password that you do not use on any other site. Because the third parties needed access to your personal e-mail account as part of this incident, we strongly encourage you to change your password in the same way for your e-mail account and for any other online accounts where you use a similar password.”
Source: IT Web