- America’s largest exchange suffered a massive security breach that affected over 6,000 customers of the platform.
- The breach was a result of hackers taking advantage of the company’s two-factor authentication procedure.
- Coinbase has faced criticisms from its users for its lackluster customer service and the SEC in recent weeks.
Coinbase has disclosed that its users were victims of a large-scale hack that affected over 6,000 accounts of the platform. The exchange heaps the blame on either phishing attacks or social engineering techniques to gain access to private user details.
Coinbase revealed details of its security breach in a letter that was posted on the website of California’s Attorney General and was also sent to affected users of the platform. Information gleaned from the letter reveals that the breach occurred between March and May 20, 2021, and resulted in the transfer of funds from user accounts to wallets that were unassociated with the exchange.
Coinbase stated that for the hackers to be able to access user accounts, they had to get a hold of sensitive data belonging to the users. The company posits that the cybercriminals were able to gain this information through phishing or social engineering techniques to make users unwittingly reveal these personal details. Coinbase goes on to absolve itself by stating that they “had not found any evidence that these third parties obtained this information from Coinbase itself.”
Despite attempts at deflecting blame, the company noted that there was a flaw in its SMS Account Recovery process that allowed the hackers to receive SMS notifications that enabled them to gain access to the user account. Coinbase has received severe criticism from users for its shoddy customer service and has also come under heavy fire by the SEC for its proposed lending product.
Coinbase Attempts To Make It Right
Although Coinbase did not disclose the amount pilfered during the breach, it has stated that it will reimburse users for the losses that they suffered due to the incident. The firm announced that it had updated its SMS Account Recovery protocols to prevent the future occurrence of such an incident.
The exchange has taken the extra mile to set up a dedicated phone line for users that were directly affected and might have questions surrounding the incident. Credit monitoring will be made available to users if such a service is available in their jurisdiction.
Users have been advised to upgrade from SMS 2FA to the more secure time-based one-time password (TOTP) and also change their account passwords to a unique and strong one that is not used on any other site. At this moment, investigations are in full swing with law enforcement agents to bring the cybercriminals to book.