6,000 Coinbase accounts hacked, 'including you'
13:00, 4 October 2021
Coinbase has notified at least 6,000 users of its cryptocurrency wallet that their accounts were compromised between March and May and funds removed.
“Dear [Insert customer name],” the message reads, “we are writing you to inform you about an unauthorised third-party gaining access to your Coinbase account.”
“At least 6,000 Coinbase customers had funds removed from their accounts,” the notice continues, “including you.”
California requires companies to report any data breach affecting more than 500 residents, according to the California Attorney General.
The cryptocurrency exchange platform sent the notices to affected customers last week.
A Coinbase spokesperson said in response to a Capital.com request for comment: “All customers that were impacted were contacted over the past week with steps to regain access to their accounts and start the reimbursement process.”
Shares of Coinbase are lower today, falling as much as $6.64 per share to $224.51.
Large-scale phishing
“Between late April and early May 2021, the Coinbase security team observed a large-scale phishing campaign that showed particular success in bypassing the spam filters of certain, older email services,” Coinbase said. “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost.”
Coinbase said that, in order to gain access to user accounts, third parties would need access to an individual’s account password, personal email account and cell phone number. Coinbase blamed “phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor.”
Further, Coinbase warned hacked account holders that their personal information, including full name, email address, home address, date of birth, internet protocol (IP) addresses, transaction history, account holdings and balance, may have been compromised as well.
In response, Coinbase will reimburse users’ accounts and offer free credit monitoring services.
“We will ensure all customers affected receive the full value of what you lost,” Coinbase told affected users. “You should see this reflected in your account no later than today.”
User security steps
Coinbase also recommends that users strengthen their account security by changing their Coinbase account password to a password not used on any other site. The company recommended a similarly unique password for any email accounts affected by the breach.
Additionally, the company suggested customers who currently use SMS-based two-factor authentication upgrade to an even stronger method of securing their Coinbase accounts, such as time-based one-time password (TOTP) or a hardware security key.
“These large-scale, sophisticated phishing attacks are on the rise, and we strongly recommend anyone that uses online financial services to remain vigilant and take the necessary steps to protect their online identity,” the Coinbase spokesperson added.
Coinbase has set up a support hotline to assist account holders, as well as contact details for the three major US consumer credit rating agencies.