Media: hackers hacked into thousands of Coinbase user accounts
Unknown hackers have hacked about six thousand user accounts of cryptocurrency exchange Coinbase. They took advantage of a vulnerability to bypass two-factor authentication via SMS, writes Bleeping Computer.
The publication published a letter from Coinbase to those affected, which says a massive hack took place between March and May 2021. The attack required an access email address, password and tethered phone number.
The company admitted that the vulnerability was related to SMS verification, which caused attackers to obtain authentication tokens without access to the smartphone. The bug has already been fixed.
The trading platform has taken responsibility for the hack and promised to compensate users as the compromised accounts were secured as recommended by Coinbase.
"We will replenish your accounts with an amount equal to the value of the unreasonably withdrawn currency at the time of the incident. Some customers have already been compensated. We will ensure that all affected customers are fully compensated for their losses. The changes should be reflected in your accounts by the end of today," the exchange said in a statement.
Coinbase did not specify in what currency the compensation would be paid. Customers will have to pay tax when fiat is credited and profits are made.
As a reminder, in August Coinbase mistakenly sent emails to users informing them that their two-factor authentication settings had been changed. About 125,000 customers received similar notifications.