Coinbase Discloses That 6,000 Customers Got Hacked This Spring (2024)

Table of Contents
Recommended by Our Editors Like What You're Reading? FAQs

Coinbase has disclosed that hackers successfully stole cryptocurrency from at least 6,000 customers this spring, partly by exploiting a flaw in the cryptocurrency exchange’s two-factor authentication system.

Coinbase revealed the hacking spree in a data breach notice sent out to affected customers this week. “At least 6,000 Coinbase customers had funds removed from their accounts, including you,” the notice says. BleepingComputer was first to report the news.

The account breaches occurred between March 2021 and May 20, 2021. Coinbase suspects hackers used a large-scale email phishing campaign to trick numerous customers into giving up the email addresses, passwords, and phone numbers associated with their accounts. In addition, the unknown culprits also gained access to victims’ email inboxes by using a malicious app capable of reading and writing to the inbox if the user grants permission.

Coinbase Discloses That 6,000 Customers Got Hacked This Spring (1)Coinbase Discloses That 6,000 Customers Got Hacked This Spring (2)

(Coinbase)

Still, a password isn’t enough to break into a Coinbase account. By default, the company secures an account with two-factor authentication, meaning you need both a password and a one-time passcode generated on your phone to access the account.

However, in some cases, the hackers were able to steal the one-time passcode. This occurred for users who secured their account with the two-factor authentication system that relies on sending the code via SMS messages.

“Once the attackers had compromised the user’s email inbox and their Coinbase credentials, in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account,” a spokesperson for the cryptocurrency exchange told PCMag in a statement.The hackers then looted the cryptocurrency funds.

Coinbase didn’t elaborate on how the impersonation occurred. But the statement suggests the attackers used a SIM-swapping attack to trick the cell phone carrier into transferring over the victim's mobile phone number.

In response, Coinbase says it’s been compensating victims for the stolen cryptocurrency, following reports the company did little to help consumers hit in the hacks. “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost,” a company spokesperson added.

How the flaw was fixed is also unclear. However, Coinbase is encouraging customers to drop the SMS-based two-factor authentication system for stronger methods. This includes generating the one-time passcode on a mobile app or using a hardware-based security key.

In a blog post published earlier this week, the cryptocurrency exchange also stressed that the hackers never breached Coinbase’s security infrastructure or broader systems.“We have not found any evidence that these third parties obtained this information from Coinbase itself."

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

Coinbase Discloses That 6,000 Customers Got Hacked This Spring (2024)

FAQs

Coinbase Discloses That 6,000 Customers Got Hacked This Spring? ›

Coinbase Discloses That 6,000 Customers Got Hacked This Spring. Attackers likely used phishing emails to gain access to victims' email inboxes, and then exploited a flaw in Coinbase's two-factor SMS system to break into Coinbase user accounts.

Read On
Can you get your money back if your Coinbase is hacked? ›

If Coinbase determines that you are eligible for reimbursem*nt under the Coinbase Account Protection, Coinbase will provide you with a one-time payment equal to the lesser of (i) the actual amount of funds or Digital Currency, as the case may be, that were improperly removed from your Coinbase account as a result of ...

Discover More Details
Did Coinbase hackers exploit multi factor flaw to steal from 6000 customers? ›

More than 6,000 Coinbase users had funds stolen from their accounts after hackers used a vulnerability in Coinbase's SMS-based two-factor authentication system to breach accounts.

Continue Reading
How do hackers get into your Coinbase account? ›

Keyloggers, remote access trojans (RATs), and cookie-stealing malware can all be used to steal your sign-in credentials and gain unauthorized access to your accounts.

See Details
Can someone steal your info from Coinbase? ›

Never share your recovery phrase with anyone.

If someone finds out your private keys and passwords, they could access your funds. Use a virtual private network (VPN) when accessing your Coinbase Wallet. This will prevent anyone from intercepting your data as you enter your passcode.

Find Out More
How do I get my money back from Coinbase? ›

To cash out your balance:
  1. Sign in to your Coinbase.com account.
  2. Select My Assets.
  3. Select your local currency balance.
  4. Select the Cash out tab and enter the amount you want to cash out.
  5. Select Transfer to and choose your cash out destination.
  6. Select Review.
  7. Select Withdraw cash to complete your transfer.

Tell Me More
Can I sue Coinbase for getting hacked? ›

Therefore, if you were the victim of a Coinbase hacking incident, you might be able to take legal action. It is imperative to discuss your case with a cryptocurrency lawsuit attorney who can help you understand your rights.

Show Me More
Can someone get your bank info from Coinbase? ›

Secure Communication: All traffic between your device and Coinbase is encrypted to prevent any third-party eavesdropping on your connection. This ensures that your data remains private during transmission.

Explore More
Is Coinbase in trouble? ›

Coinbase, the largest U.S.-based crypto trading platform, is facing obstacles in the form of hostile regulators (including the SEC, which sued the company), data breaches, disgruntled customers, and technical glitches. Plus, it's facing new competition from fund companies and brokerages.

Continue Reading
Is Coinbase insured if hacked? ›

Coinbase carries crime insurance that protects a portion of digital assets held across our storage systems against losses from theft, including cybersecurity breaches.

Show Me More

Is it safe to give my SSN to Coinbase? ›

We will never sell or rent your personal information to third parties. For more information please check out our Privacy Policy and User Agreement.

Read The Full Story
Is Coinbase having problems right now? ›

Welcome to the Coinbase status page. We use this page to communicate any issues with our products including planned and unplanned outages. No incidents reported today.

See Details
Can someone take money from my Coinbase wallet? ›

Keep your assets secure

Coinbase Wallet is a self-custody web3 wallet, putting you in full control of the private keys to your assets on the blockchain. Nobody, including Coinbase, can access your tokens or NFTs without your recovery phrase.

Get More Info Here
Can I recover stolen crypto in Coinbase? ›

With the asset recovery service, verified Coinbase customers can now recover lost funds for certain ERC-20 assets and send them to a self-custodial wallet of their choice.

Continue Reading
What happens if you get scammed on Coinbase? ›

If you are a victim of a phishing attack, please immediately take action to secure your account by changing your email and Coinbase password. If you have further questions or suffered a financial loss due to this attack, please contact our support team.

View More
How can I get my Coinbase back? ›

1) Go to the Coinbase login page and click on "Forgot Password?" or "Can't access your account?". 2) Select the type of account recovery you need: password reset, email address change, or phone number change. 3) Follow the prompts to provide the necessary information to verify your identity.

View Details
Top Articles
How do I clear my browser cache in Firefox?
Understanding the Roth IRA 5-Year Rule
English Bulldog Puppies For Sale Under 1000 In Florida
Katie Pavlich Bikini Photos
Gamevault Agent
Pieology Nutrition Calculator Mobile
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Hendersonville (Tennessee) – Travel guide at Wikivoyage
Compare the Samsung Galaxy S24 - 256GB - Cobalt Violet vs Apple iPhone 16 Pro - 128GB - Desert Titanium | AT&T
Vardis Olive Garden (Georgioupolis, Kreta) ✈️ inkl. Flug buchen
Craigslist Dog Kennels For Sale
Things To Do In Atlanta Tomorrow Night
Non Sequitur
Crossword Nexus Solver
How To Cut Eelgrass Grounded
Pac Man Deviantart
Alexander Funeral Home Gallatin Obituaries
Energy Healing Conference Utah
Geometry Review Quiz 5 Answer Key
Hobby Stores Near Me Now
Icivics The Electoral Process Answer Key
Allybearloves
Bible Gateway passage: Revelation 3 - New Living Translation
Yisd Home Access Center
Home
Shadbase Get Out Of Jail
Gina Wilson Angle Addition Postulate
Celina Powell Lil Meech Video: A Controversial Encounter Shakes Social Media - Video Reddit Trend
Walmart Pharmacy Near Me Open
Marquette Gas Prices
A Christmas Horse - Alison Senxation
Ou Football Brainiacs
Access a Shared Resource | Computing for Arts + Sciences
Vera Bradley Factory Outlet Sunbury Products
Pixel Combat Unblocked
Movies - EPIC Theatres
Cvs Sport Physicals
Mercedes W204 Belt Diagram
Mia Malkova Bio, Net Worth, Age & More - Magzica
'Conan Exiles' 3.0 Guide: How To Unlock Spells And Sorcery
Teenbeautyfitness
Where Can I Cash A Huntington National Bank Check
Topos De Bolos Engraçados
Sand Castle Parents Guide
Gregory (Five Nights at Freddy's)
Grand Valley State University Library Hours
Holzer Athena Portal
Hello – Cornerstone Chapel
Stoughton Commuter Rail Schedule
Nfsd Web Portal
Selly Medaline
Latest Posts
Heaven's language
ES1! by CleoFinance — TradingView
Article information

Author: Maia Crooks Jr

Last Updated:

Views: 6278

Rating: 4.2 / 5 (63 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Maia Crooks Jr

Birthday: 1997-09-21

Address: 93119 Joseph Street, Peggyfurt, NC 11582

Phone: +2983088926881

Job: Principal Design Liaison

Hobby: Web surfing, Skiing, role-playing games, Sketching, Polo, Sewing, Genealogy

Introduction: My name is Maia Crooks Jr, I am a homely, joyous, shiny, successful, hilarious, thoughtful, joyous person who loves writing and wants to share my knowledge and understanding with you.