Thousands of Coinbase wallets drained by hackers

1. Dwelling house
2. News
3. Security

Thousands of Coinbase wallets tuckered by hackers

(Image credit: Shutterstock)

Coinbase, the cryptocurrency platform used for buying coins like Bitcoin, Ethereum and others, has suffered a hack that'south affected 6,000 users, completely draining their accounts.

Coinbase sent a certificate to users, equally reported by our sister-site Techradar, telling them that all their funds had been drained by taking advantage of the company's 2-factor authentication (2FA) and using phishing attempts to proceeds access to passwords. The attacks took place between March and May of 2021.

• These are the all-time crypto wallets to buy
• Windows eleven launch twenty-four hours live blog — what you lot need to know
• Plus: Watch out for this fake Android security update — it'south really malware

The reason this attack wasn't more widespread was because the hackers needed some very specific data before going later someone. This meant knowing a user's email accost, countersign and phone number, as well as admission to personal email accounts.

Coinbase has not been able to decide how these hackers were able to get access to this information, only suspects phishing attacks and other social engineering techniques to be the culprit.

According to Coinbase, "We accept not found any evidence that these third parties obtained this information from Coinbase itself."

"However, in this incident, for customers who employ SMS texts for ii-factor authentication, the 3rd party took advantage of a flaw in Coinbase'southward SMS Business relationship Recovery process in order to receive an SMS ii-gene authentication token and gain access to your account."

Coinbase claims that equally presently equally it learned of the upshot, it updated its SMS account recovery protocols to prevent farther abuse. The company also worries that the hackers were able to view some critical personal information, including home addresses, date of nativity and IP addresses. Luckily, Coinbase has refunded users and put crypto back into user accounts.

"We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers take already been reimbursed — we will ensure all customers affected receive the full value of what yous lost."

Of grade, Coinbase is already working with authorities to effort and notice the criminals. Coinbase volition besides be providing free credit monitoring to affected customers.

The company is too imploring customers to forego SMS hallmark and to instead utilise time-based one-time password (TOTP) like Google Authenticator or a hardware security key. And, of course, users should probably modify their current countersign on their Coinbase business relationship and email account besides.

• All-time Identity theft protection services: Our elevation picks

Imad Khan is news editor at Tom's Guide, helping directly the day's breaking coverage. Prior to working at the site, Imad was a full-time freelancer, with bylines at the New York Times, the Washington Post and ESPN. Outside of work, yous can notice him sitting blankly in front end of a Word document trying desperately to write the kickoff pages of a new book.

Source: https://www.tomsguide.com/news/coinbase-hacked-6000-accounts-see-cryptocurrency-drained

Posted by: hunterlasuall.blogspot.com

Share this post