Top trading platform Coinbase disclosed a major hack to the California Department of Justice stating that between March and May 20, 2021, scammers broke into the accounts of as many as 6,000 investors through a vulnerability in the SMS multi-factor authentication.
Coinbase, in the letter, claims that the bad actors gained access to email addresses, passwords, phone numbers which are associated with Coinbase accounts. The letter also states that Coinbase is unable to come to a conclusion on how exactly the hackers managed to break into their systems.
Hackers typically use phishing or social engineering techniques to gain access and control and a spokesperson from Coinbase revealed to the Business Insider that the hackers got ''particular success in bypassing the spam filters of certain, older email services,'' and added that the company took immediate action and is working with partners to remove compromising sites that could be used as phishing.
Thankfully, Coinbase confirmed that the accounts which were hacked by the scamsters will be fully refunded and the trading platform has already set up a customer support in place to handle queries and initiate refund transactions. The company stated that some investors have already received full refunds.
''We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed -- we will ensure all customers affected receive the full value of what you lost,'' said Coinbase in a statement assuring that investors need not worry as their assets would be refunded.
The spokesperson added, ''Unfortunately we believe, although cannot conclusively determine, that some Coinbase customers may have fallen victim to the phishing campaign and turned over their Coinbase credentials and the phone numbers verified in their accounts to attackers.''
''We have not found any evidence that these third parties obtained this information from Coinbase itself. Once in your account, the third party was able to transfer your funds to crypto wallets unassociated with Coinbase,'' Coinbase spokesperson summed it up.