Coinbase has suffered another security compromise, as hackers reportedly took advantage of Coinbase’s SMS account recovery process to gain access to user funds.
According to a report from Bleeping Computer, the attackers stole cryptocurrency from 6,000 accounts, although the monetary value of the loss was not reported.
Coinbase apparently told affected customers earlier this week that the fraud took place between March and May of this year.
The attackers needed to know the affected users’ email addresses, passwords, and phone numbers in order to get access to their accounts. Although phishing attacks targeting exchange users are prevalent, it’s unclear how the attackers obtained this information.
Coinbase did, however, identify a flaw in the account recovery process that the attackers used to get access to the accounts:
“[…] in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”
Coinbase, one of the largest cryptocurrency exchanges in the world, has been chastised for its terrible customer support.
Customers whose accounts were allegedly hacked and drained of funds were unable to contact support staff, resulting in thousands of complaints against the company.
Coinbase’s initial public offering (IPO) was valued at $86 billion in April, but the business has struggled to scale its customer care department. Customers who believe their account has been hacked can call a new support line that the company set up in August.