Coinbase customers got robbed in the latest phishing attack on the exchange as the platform acknowledged that thousands of customers got their funds drained but said it will reimburse the loss so let’s read more in our latest Coinbase news today.
The hacks occurred as a result of a phishing campaign that got around SMS authentication but the hack didn’t penetrate the company’s servers. The exchange revealed that Coinbase customers got robbed as the phishing attack got to their funds and as a result of the campaign, the hackers used an SMS-based authentication feature to get to the accounts.
The news of the phishing campaign was initially reported in August but the scope began clear after the company posted a letter that was sent to the affected customers, which only now got to the media. Coinbase said that hackers gained access to the victim’s email accounts and then used the compromised accounts to drain the users’ crypto but even though the exchange requires a widely-used security feature called Two-factor authentication, the SMS version meant that users got a text message to confirm the transaction and it broke down. The letter said:
“However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”
Coinbase said it will reimburse those users that got their funds lost due to the phishing attack and that it has already started to make the customers whole the company didn’t disclose the total amount of the lost funds. The hack didn’t amount to the exchange getting hacked since the hackers didn’t appear to have breached the company’s internal systems but they came about because the customers fell for phishing attacks that were aimed at their personal emails.
It’s still unclear why Coinbase took so long to acknowledge the issue which happened in May but the company did publish a blog post describing the sophisticated phishing campaign and didn’t disclose that the hackers used to rob more than 6000 customers. Coinbase also didn’t do anything to warn the customer base at the time the attacks were underway or in the next months either. According to a spokesperson, the company didn’t want to interfere with the law enforcement agencies that were investigating the incident as the spokesperson said:
“Because of the size, scope and sophistication of the campaign we have been working with a range of partners, law enforcement agencies and other stakeholders to understand the attack and develop mitigation techniques. We didn’t feel comfortable disclosing the attack publicly until the correct steps were taken to ensure that it couldn’t be repeated successfully, and would not compromise the integrity of law enforcement investigations.”
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post