Unknown hackers breached about six thousand Coinbase user accounts. They exploited a vulnerability to bypass SMS-based two-factor authentication, according to Bleeping Computer.
The outlet published a letter from Coinbase to the affected customers detailing a large-scale breach from March through May 2021. The attack required access to an email address, a password, and the phone number linked to the account.
The company acknowledged that the vulnerability was related to SMS verification, which allowed attackers to obtain authentication tokens without access to the smartphone. The flaw has already been fixed.
The exchange took responsibility for the breach and pledged to compensate users for losses, since the compromised accounts were protected in line with Coinbase’s recommendations.
“We will replenish your accounts with an amount equal to the value of the unjustly withdrawn currency at the time of the incident. Some customers have already received compensation. We will ensure that all affected customers receive full reimbursement of their losses. The changes should be reflected in your accounts by the end of today,” according to the exchange’s statement.
Coinbase did not specify in what currency the compensation would be paid. When fiat is credited and gains are realized, customers will owe taxes.
In August, Coinbase mistakenly sent emails to users about changes to their two-factor authentication settings. Similar notifications were received by about 125,000 customers.
09 24 2021 Coinbase Customer Notification by ForkLog on Scribd
