Coinbase has released a breach notification letter this week saying that a minimum of 6,000 user accounts were victim to hackers. The exchange has stated that the breach took place between March and May of this year.
What We Know
The letter notes that unauthorized third parties exploited Coinbase’s SMS account recovery process and transferred user funds to accounts outside of Coinbase. However, the company added that in order to do so, those third parties needed to have email addresses, passwords and phone numbers – as well as email access.
Coinbase believes that users fell victim to a phishing attack, or some sort of equivalent, in order to have this information exposed, and that there was no evidence to support that the information was taken directly from Coinbase. The exchange states that account recovery protocols around SMS were updated after Coinbase discovered the issue.
The letter closes that some accounts have already been reimbursed and that all accounts would be fully compensated equal to any losses incurred. The letter was also posted on the California Attorney General website.
Since going public earlier in the year, COIN has faced substantial headwinds, with less-than-stellar stock market performance. | Source: NASDAQ: COIN on TradingView.com
Related Reading | Bitcoin Price Blasts Off With 10% Move, But Is This The Start Of More?
While the amount of hacked crypto has not been disclosed, Coinbase’s immediacy in restoring user funds is reassuring, but comes at a time where a number of stories have been hitting the headlines around hacks and vulnerabilities.
In recent days, Compound Finance issued a governance rule that had a small piece of faulty code that resulted in inappropriate token distribution, putting over $80M worth of COMP tokens at risk. Just a few days prior, DeFi protocol pNetwork lost over $12M to hackers.
It’s also not the first sticky situation for Coinbase recently, either. Last week, pressure from the Securities and Exchange Commission (SEC) was enough to totally sideline the company’s anticipated interest-generating product, Lend. That came just a few weeks after a blog post and corresponding long-winded tweet thread from Coinbase CEO Brian Armstrong, expressing frustration in communications with the SEC, and describing the agency as “sketchy.”
Crypto’s safety and security has substantially improved over time, but that doesn’t mean that no one is vulnerable. Our team at NewsBTC reminds you to always use two-factor authentification, ideally via an authenticator, never share your seed phrase, use platforms that you trust, and be on the lookout for suspicious emails that may be trying to phish.
Featured image from Pexels, Charts from TradingView.com