Coinbase has launched a letter of notification of non-compliance this week saying that a minimum of 6,000 user accounts were victims of hackers. The exchange has stated that the breach occurred between March and May of this year.
What we know
The letter notes that unauthorized third parties exploited Coinbase’s SMS account recovery process and transferred user funds to accounts outside of Coinbase. However, the company added that to do so, those third parties needed to have email addresses, passwords and phone numbers, as well as access to email.
Coinbase believes that users were victims of a phishing attack, or some sort of equivalent, for this information to be exposed, and that there was no evidence to support that the information was taken directly from Coinbase. The exchange claims that the account recovery protocols around SMS were updated after Coinbase discovered the problem.
The letter closes that some accounts have already been reimbursed and that all accounts would be fully compensated equal to the losses incurred. The letter was also posted on the California Attorney General’s website.
Since going public earlier in the year, COIN has faced substantial headwinds, with less-than-stellar stock market performance. | Source: NASDAQ: COIN on TradingView.com
Related reading | Bitcoin price soars 10% move, but is this the start of more?
While the number of cryptocurrencies hacked has not been disclosed, Coinbase’s immediacy in restoring user funds is reassuring, but it comes at a time when various stories have made headlines about hacking and vulnerabilities.
In recent days, Compound Finance issued a government rule that had a small piece of faulty code that resulted in inappropriate token distribution, putting more than $ 80 million in COMP tokens at risk. Just a few days before, the DeFi pNetwork protocol lost more than $ 12 million to hackers.
Nor is it the first difficult situation for Coinbase recently. Last week, pressure from the Securities and Exchange Commission (SEC) was enough to completely set aside the company’s anticipated interest-generating product, Lend. That came just weeks after a blog post and corresponding long-winded tweet thread from Coinbase CEO Brian Armstrong expressing frustration in communications with the SEC and describing the agency as “incomplete.”
Crypto’s safety and security has improved substantially over time, but that doesn’t mean that no one is vulnerable. Our team at NewsBTC reminds you to always use two-factor authentication, ideally through an authenticator, never share your opening phrase, use platforms you trust, and be on the lookout for suspicious emails that may be trying to phish.
Featured image from Pexels, Charts from TradingView.com