Coinbase last week sent out notification letters to thousands of users to inform them that funds were stolen from their accounts during an attack earlier this year.
Between March and May 20, 2021, threat actors diverted cryptocurrency from the accounts of at least 6,000 customers, the cryptocurrency exchange platform says in a data breach notification letter submitted with the California Attorney General.
“[Y]ou were a victim of a third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform,” the American company says.
The attack, Coibase explains, was a complex one, possible only if the attackers had prior knowledge of the victim’s email address, password, and phone number used for the Coinbase account. Furthermore, the attackers also needed access to the victim’s email inbox.
According to the cryptocurrency exchange, the information does not appear to have been obtained from Coinbase itself.
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor,” Coinbase explains.
The exchange platform also notes that the attackers exploited a vulnerability in its SMS Account Recovery process to receive SMS two-factor authentication tokens and access the target accounts. Coinbase has since updated its SMS Account Recovery protocols to prevent further abuse.
“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost,” Coinbase says.
The platform also admits that users’ personal information was compromised in the incident. The attackers were able to view full names, addresses, birth dates, email addresses, IP addresses, account holdings and balance, and transaction history.
“The third party who accessed your account may have changed the email, phone number, or other information associated with your account. We are working to restore any changed emails or phone numbers to their original state prior to the unauthorized activity,” the cryptocurrency exchange concludes.
Coinbase users are advised to switch from SMS to a more secure two-factor authentication method and to change the password for their account on the exchange platform, as well as for their email account.
Related: Coinbase Users Face Ongoing Phishing Attacks
Related: Understanding the Cryptocurrency-Ransomware Connection
Related: Record Cryptocurrency Heist Valued at $600 Million

More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
