The Nasdaq-listed cryptocurrency trading platform Coinbase Global Inc has said that about 6,000 of its platform users have fallen victim to a phishing attack that saw third parties gain access to such customers’ data, including names, addresses, and emails, amongst others.
Per Reuters recent report, citing a letter shared with the affected customers, the hack took place between March and May 20 of this year. The undue access to user’s data, according to Coinbase, can only be done through access to the users’ email address, password, and phone number, which the trading platform said it’s unsure the intruders obtained from its database.
“In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox,” an excerpt from the letter reads. “While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. We have not found any evidence that these third parties obtained this information from Coinbase itself.”
The broad attack led to a risk that users’ funds being moved from the exchange. Coinbase said to reimburse all affected customers. In response to the attack, the trading platform also confirmed that it has updated its SMS Account Recovery protocols, which was identified as one of the loopholes through which the fraud was perpetrated. Coinbase also said that it is working alongside authorities to bring the perpetrators to book while promising additional support to all affected users.
Data exploits and hacking are continuously becoming prevalent in the digital currency ecosystem. Earlier in August, interoperable protocol Poly Network suffered from the largest hack in DeFi history to date, with over $610 million moved from the platform. The latest mishaps being suffered by crypto outfits brings to fore the question of security loopholes in the digital currency ecosystem and how this can stump the regulator’s enthusiasm to back the innovation with progressive regulations as demanded.
Image source: Shutterstock