Coinbase hack sees thousands of users' accounts drained

News
By published

Coinbase admits thousands of users saw crypto funds stolen, but promises to reimburse

Cryptocurrencies
(Image credit: Lordowski / Shutterstock)

Coinbase has sent out breach notification letters to over 6000 users admitting they might have lost funds in a months-long campaign against the cryptocurrency exchange.

In the letter, the company said attackers took advantage of a flaw in Coinbase’ two-factor authentication (2FA) mechanism to carry out several assaults between March and May 20, 2021.

“As soon as Coinbase learned of this issue, we updated our SMS Account Recovery protocols to prevent any further bypassing of that authentication process,” notes Coinbase in the notification letter.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Even as the exchange is investigating the incident, it has decided to reimburse all customers by depositing funds equal to the cryptos stolen from their accounts.

Complex campaign

Sharing more details, Coinbase said that attackers would have required certain information associated with the customers account, such as their phone numbers, and login credentials.

The issue has been brewing for some time now. Unconfirmed reports of hackers accessing and draining the cryptocurrency wallets of Coinbase customers first surfaced in August. Then in September, the company had to reassure its users that the email they received about the change in their 2FA settings were sent erroneously.

While the exchange has admitted that it is “not able to determine conclusively how these third parties gained access to this information,” if it were to guess it’d say the details were inadvertently leaked by the customers as part of an elaborative and affective phishing campaign.

“Even with the information described above, additional authentication is required in order to access your Coinbase account. However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,” explained Coinbase.

In addition to reimbursing the funds, Coinbase will provide free credit monitoring service to customers, as it suggests users to use a different 2FA mechanism besides SMS-based one, and cycle the password of their Coinbase account, as well as of the associated email address.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
Phishing campaign targets prominent X users, accounts at risk
Ethereum
Hackers steal over $1bn in one of the biggest crypto thefts ever
Avast cybersecurity
Zapier tells customers their data may have been accessed
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
These fake GitHub "security alerts" could actually let hackers hijack your account
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Compal Adapt X modular laptop

One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
See more latest
Most Popular
Compal Adapt X modular laptop
One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
Anycubic foldable portable 3D printer
Anycubic may launch this gorgeous foldable portable 3D printer any day soon, and I can't wait to try it out
HP Fury G1i 18&quot;
'2-inches gets you 30% more screen': HP is pitching 18-inch laptop as the best new thing in tech
Framework Desktop
Framework's Desktop is selling like hot cakes; Ryzen Max+ 395, Max 383 batches are sold out with next shipment in Q3
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
A person using a smartphone with an ecommerce website showing on a laptop.
Consumers are warming up to AI assistants, survey finds - 1/3 of us would allow AI to make purchases
A bloodied Mark staring at an off-screen Helly as Gemma screams at him from behind an exit door in Severance season 2 episode 10
Severance season 3: everything we know so far about the wildly popular Apple TV+ show's next chapter