It became known that more than 6 thousand users of the Coinbase cryptocurrency exchange had their funds stolen from their accounts. Hackers exploited a vulnerability in Coinbase’s SMS-based two-factor authentication system to hack accounts. The attacks were carried out between March and May of this year.
Coinbase says it updated its two-factor authentication protocols via SMS immediately after it became aware of the issue. The company noted that hackers could only exploit this vulnerability if they knew the victim’s login and password. Coinbase does not know exactly how the attackers gained access to this information, but it is assumed that phishing and social engineering were used. The company claims that we are not talking about a data breach on its part.
Coinbase said it will fully indemnify all users who lost funds as a result of the attack no later than today.