Coinbase says hackers stole cryptocurrency from at least 6,000 customers
Oct. 1 (Reuters) – Hackers stole the accounts of at least 6,000 customers of Coinbase Global Inc (COIN.O), according to a breach notification letter sent by the cryptocurrency exchange to affected customers.
The hack took place between March and May 20 of this year, according to a copy of the letter posted on the California Attorney General’s website.
Unauthorized third parties exploited a loophole in the company’s SMS account recovery process to access accounts and transfer funds to crypto wallets not associated with Coinbase, the company said.
“We immediately fixed the flaw and worked with these customers to regain control of their accounts and refund them any lost funds,” a spokesperson for Coinbase said on Friday.
Hackers needed to know email addresses, passwords and phone numbers linked to affected Coinbase accounts, and have access to personal emails, the company said.
Coinbase said there was no evidence to suggest the information was obtained from the company.
News of the hack had already been reported by technology news portal Bleeping Computer.
Report by Niket Nishant in Bangalore; Editing by Shounak Dasgupta
Our Standards: The Thomson Reuters Trust Principles.