Hackers drain cryptocurrency accounts of thousands of Coinbase users

Hacker using a phone and pc while wearing a ski mask.
(Image credit: Getty- South_Agency)

Update: Coinbase got back to us and explained exactly which customers are getting reimbursed after some Coinbase customers contacted us saying they were victims of the attack but have yet to recover their lost funds. 

"We’re notifying those customers directly who lost funds as a result of this specific issue and helping to reimburse them for any loss that occurred during the attack. Please note, this reimbursement is limited to those customers we’ve confirmed were victims of this attack and lost funds as a result."

Original Story: Coinbase, a platform used for buying, selling, and storing cryptocurrency, notified over 6,000 customers that they were victims of a targeted campaign to gain access to their accounts that involved a combination of phishing attacks and a flaw in Coinbase's two-factor authorization system. 

Your next upgrade

(Image credit: Future)

Best CPU for gaming: the top chips from Intel and AMD
Best graphics card: your perfect pixel-pusher awaits
Best SSD for gaming: get into the game ahead of the rest

Between March and May of 2021, hackers managed to get into the accounts and move funds off the platform, draining some accounts dry. Thousands of customers had already begun to complain to Coinbase that funds had vanished from their accounts.

According to the letter sent to users, here's how Coinbase claims the hackers got into the compromised accounts:

"In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox. While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. We have not found any evidence that these third parties obtained this information from Coinbase itself."

Once they had a user's login and password, Coinbase says the hackers "took advantage of a flaw in Coinbase's SMS Account Recovery process to receive an SMS two-factor authentication token and gain access" to the account. Once they were in, the hackers simply transferred the funds to wallets off the Coinbase platform. 

Coinbase says that it updated its SMS Account Recovery protocols as soon as it became aware of the problem. The company is encouraging customers to secure their accounts with a TOTP (time-based one-time password) or a hardware security key. And, of course, recommends changing your current password.

Below is a screenshot of the phishing text a Coinbase user got and thankfully did not click on. It's easy to see how some customers could have gotten fooled especially if they use two-factor on their phones. 

Copy of phishing text sent to victims.

(Image credit: Future)

Some good news for the victims: Coinbase has already started to reimburse some customers and promises that all customers will receive the full value of what was lost. Victims will receive free credit monitoring. Along with working with law enforcement in its investigation, Coinbase is also launching an internal investigation into what happened. 

Coinbase did not disclose how much cryptocurrency was stolen in the attack, but I'm sure it's nowhere near the amount that was stolen a few months ago from Poly Network in a wild digital heist. We've reached out to Coinbase for comment. 

Jorge Jimenez
Hardware writer, Human Pop-Tart

Jorge is a hardware writer from the enchanted lands of New Jersey. When he's not filling the office with the smell of Pop-Tarts, he's reviewing all sorts of gaming hardware, from laptops with the latest mobile GPUs to gaming chairs with built-in back massagers. He's been covering games and tech for over ten years and has written for Dualshockers, WCCFtech, Tom's Guide, and a bunch of other places on the world wide web.