Connect with us

Hi, what are you looking for?



Hackers Stole Cryptocurrency From Thousands of Coinbase Accounts

Coinbase last week sent out notification letters to thousands of users to inform them that funds were stolen from their accounts during an attack earlier this year.

Coinbase last week sent out notification letters to thousands of users to inform them that funds were stolen from their accounts during an attack earlier this year.

Between March and May 20, 2021, threat actors diverted cryptocurrency from the accounts of at least 6,000 customers, the cryptocurrency exchange platform says in a data breach notification letter submitted with the California Attorney General.

“[Y]ou were a victim of a third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform,” the American company says.

The attack, Coibase explains, was a complex one, possible only if the attackers had prior knowledge of the victim’s email address, password, and phone number used for the Coinbase account. Furthermore, the attackers also needed access to the victim’s email inbox.

According to the cryptocurrency exchange, the information does not appear to have been obtained from Coinbase itself.

“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor,” Coinbase explains.

The exchange platform also notes that the attackers exploited a vulnerability in its SMS Account Recovery process to receive SMS two-factor authentication tokens and access the target accounts. Coinbase has since updated its SMS Account Recovery protocols to prevent further abuse.

Advertisement. Scroll to continue reading.

“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost,” Coinbase says.

The platform also admits that users’ personal information was compromised in the incident. The attackers were able to view full names, addresses, birth dates, email addresses, IP addresses, account holdings and balance, and transaction history.

“The third party who accessed your account may have changed the email, phone number, or other information associated with your account. We are working to restore any changed emails or phone numbers to their original state prior to the unauthorized activity,” the cryptocurrency exchange concludes.

Coinbase users are advised to switch from SMS to a more secure two-factor authentication method and to change the password for their account on the exchange platform, as well as for their email account.

Related: Coinbase Users Face Ongoing Phishing Attacks

Related: Understanding the Cryptocurrency-Ransomware Connection

Related: Record Cryptocurrency Heist Valued at $600 Million

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...