Encryption Swap Coinbase claims malicious actors have stolen crypto assets from at least 6,000 merchants this year.
In a letter posted to the California Attorney General’s website, Coinbase claims that the hackers took advantage of a loophole in the exchange’s SMS account recovery process to receive a two-factor authentication token via SMS and access the funds, which they then transferred. For wallets. not associated with the exchange.
The hackers had previously protected the email addresses, passwords and phone numbers associated with the affected accounts, according to the Coinbase letter.
Coinbase claims that no evidence has been found to suggest that the personal information was mined from the exchange itself.
“While we cannot conclusively determine how these third parties gained access to this information, this type of campaign often involves phishing attacks or other social engineering techniques to trick the victim into inadvertently revealing their credentials. connection to a criminal “.
The attacks reportedly took place between March and May 20, 2021.
Coinbase claims to have updated its SMS account recovery protocols “to avoid any deviation from this authentication process.” The exchange also says it intends to reimburse customers in full.
The company adds that it is conducting an internal investigation and is working with police to determine who is behind the attack.