Coinbase last week sent out notification letters to thousands of users to inform them that funds were stolen from their accounts during an attack earlier this year.
Between March and May 20, 2021, threat actors diverted cryptocurrency from the accounts of at least 6,000 customers, the cryptocurrency exchange platform says in a data breach notification letter submitted with the California Attorney General.
“[Y]ou were a victim of a third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform,” the American company says.
The attack, Coibase explains, was a complex one, possible only if the attackers had prior knowledge of the victim’s email address, password, and phone number used for the Coinbase account. Furthermore, the attackers also needed access to the victim’s email inbox.
According to the cryptocurrency exchange, the information does not appear to have been obtained from Coinbase itself.
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor,” Coinbase explains.
The exchange platform also notes that the attackers exploited a vulnerability in its SMS Account Recovery process to receive SMS two-factor authentication tokens and access the target accounts. Coinbase has since updated its SMS Account Recovery protocols to prevent further abuse.
“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost,” Coinbase says.
The platform also admits that users’ personal information was compromised in the incident. The attackers were able to view full names, addresses, birth dates, email addresses, IP addresses, account holdings and balance, and transaction history.
“The third party who accessed your account may have changed the email, phone number, or other information associated with your account. We are working to restore any changed emails or phone numbers to their original state prior to the unauthorized activity,” the cryptocurrency exchange concludes.
Coinbase users are advised to switch from SMS to a more secure two-factor authentication method and to change the password for their account on the exchange platform, as well as for their email account.