The digital currency exchange Coinbase announced that thousands of users’ accounts have been emptied in phishing attacks. According to statistics, just over 6,000 accounts have fallen victim to these attacks.
According to the report, the cryptocurrency exchange has announced that it will repay the funds of more than 6,000 customers whose accounts have been emptied. The hack occurred as a result of a phishing operation and via SMS authentication. However, Coinbase stated that the hacker did not infiltrate the company’s servers.
Coinbase, one of the largest digital currency exchanges, revealed that the funds of about 6,000 users have been “removed” from their accounts. This was the result of a phishing scam in which hackers used SMS-based authentication, which the company used to secure many accounts.
Reports of phishing scams were first released in August, but details of the report were released when the company sent letters to users affected by the attack.
In the letter, Coinbase said the hackers first gained access to the victims’ email accounts and then used them to drain users’ digital currencies. Although the Coinbase digital currency exchange uses a security feature called “two-factor authentication” for this purpose, the part that provided these services in the form of text messages was disrupted. In this case, users received a text message to confirm the transaction. The letter read:
However, in this incident, for customers who used SMS for two-step authentication, a third party used the breach in the account recovery process via Coinbase SMS to receive an SMS containing the two-factor authentication password and to access your account.
Coinbase has also said that it will reimburse the people who lost funds in the phishing attack and has already started the repayment process. The company did not comment on the total amount stolen by the hackers and did not disclose the amount.
Of course, this does not mean that Coinbase has been hacked, as the reports show that the hackers did not infiltrate the company’s internal systems. Instead, the theft occurred because users fell for phishing attacks on their personal email accounts (which is very common).
However, it is still unclear why it took a long time, from March to May, for Coinbase to accept what had happened. While the company described a sophisticated phishing scam in a post earlier this week, no information was released that the hackers had used the attack to successfully steal from thousands of customers. Coinbase does not appear to have taken any specific action to warn its users at the time of the attacks, or even in the months that followed.
According to a Coinbase spokesman, the company does not want to interfere in the work of law enforcement agencies investigating the incident:
Because of the scale, scope, and complexity of this action, we have worked with a wide range of partners, law enforcement agencies, and other stakeholders to understand the attack and develop harm reduction techniques. We did not feel comfortable disclosing them publicly until we were sure that the necessary measures would be able to prevent a successful recurrence of these attacks and would not jeopardize the integrity of law enforcement investigations.
The attacks appear to be of a global nature, as Coinbase wrote in a letter that it provided credit monitoring services in “your country of residence”.
Coinbase also urged users to use a more secure two-factor authentication method, such as an external hardware device or authentication software, for added security.