Saturday, 2 October 2021

Coinbase Hacked, Funds From Least 6,000 Customers Wiped Out

Coinbase customers affected recieved this email this morning:

Unfortunately, between March and May 20, 2021, you were a victim of a third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform. At least 6,000 Coinbase customers had funds removed from their accounts, including you.

In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox. While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. We have not found any evidence that these third parties obtained this information from Coinbase itself.

Even with the information described above, additional authentication is required in order to access your Coinbase account. However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.

Once in your account, the third party was able to transfer your funds to crypto wallets unassociated with Coinbase.

From a shareholder perspective, I think this is very egregious that this was happening around the time of the IPO, but they didn't disclose this until just now. This news was withheld and kept under wraps for months, and could be related to the heavy selling we've seen from company executives since the IPO back in April.

submitted by /u/ShotBot
[link] [comments]

source https://www.reddit.com/r/btc/comments/pzf9wk/coinbase_hacked_funds_from_least_6000_customers/

No comments:

Post a Comment