Coinbase hacked – Crypto exchange Coinbase announced in Spring 2021 that it had fallen victim to a large-scale email phishing attack. More than 6,000 customer accounts were affected. In this article, the law firm Herfurtner summarises everything about the explosive incident.
We also explain the dangers of phishing and hacking in connection with crypto trading.
Table of contents
- Coinbase hacked – Information at a glance
- Number of phishing attacks on the rise
- Coinbase comments on the hacking attack
- How secure is Coinbase?
- Cybercriminals – increasingly successful
Do you have questions on the subject or would you like to find out about security measures against hacking, pharming and phishing? Our lawyers at the Herfurtner law firm offer you comprehensive legal advice. Use our contact form to request an appointment or describe your concern.
Coinbase hacked – Information at a glance
Crypto trading platform Coinbase has confirmed in a public statement that its customers were victims of a widespread email phishing scam in early 2021. More than 6,000 customers fell for the scam and their accounts were looted, according to the listed company.
The affected Coinbase customers were asked to enter their login details under false pretences. Many did so, believing they were connected to the exchange.
The hackers’ access to the data allowed them to bypass an SMS-based two-factor verification function. This is used by the company to secure a large number of accounts. The attack occurred between March and May 2021, when cryptocurrency trading was exceptionally strong.
According to Coinbase, the number of phishing attacks has increased
According to the crypto exchange, it is still unclear how the fraudsters obtained users’ personal data. The cyber-attack was first reported by the press in August. The issue came to public attention a second time when a letter from the company addressed to the affected customers was circulated.
In the letter, Coinbase explains that the hackers gained access to the victims’ email accounts. The stolen data was used by the perpetrators to access the Coinbase accounts and steal the crypto funds.
Despite the fact that Coinbase uses a widely used security element known as “two-factor authentication”, which is considered very secure, this security measure was not sufficient here.
Coinbase hacked: crypto exchange comments on cyber attack
According to Coinbase, the attackers gained access to the user’s phone number, email address and password, which allowed them to withdraw the money.
While it is not clear to Coinbase how the attackers got their hands on this information from users, the provider speculates that it may have happened through a bug in the account recovery process.
Coinbase also believes that the attackers obtained the victims’ personal information through phishing, which eventually led to the theft of their money.
The affected customers were notified of the incident as soon as possible, according to Coinbase, and the matter was reported to the California Attorney General’s Office. Coinbase stresses that they intend to repay all those who lost money as a result of the phishing attack. In fact, they have already started to do so.
The total amount stolen by the hackers has not been disclosed by the company.
How safe is Coinbase?
Coinbase hacked: However, it is unclear why Coinbase took so long to confirm the incidents. After all, they occurred between March and May. The company also does not seem to have issued any warnings to its users.
Neither immediately after the attacks nor in the months afterwards. Customers around the world appear to have been affected by the cyberattack. According to Coinbase, customers should use a more secure form of two-factor authentication than SMS in the future. For example, an external hardware device or an authentication app.
Success rate of phishing attempts increases
Coinbase had warned before the hack was revealed earlier that phishing attacks were on the rise. According to the report, attackers have a higher success rate with this form of attack, which is why users should be especially careful with their passwords.
The crypto exchange has seen an increase in phishing emails, according to the company’s security staff. Some of these methods are extremely effective at bypassing the spam filters of older email providers.
Coinbase has published several cases of phishing emails to help consumers understand what they are dealing with. But Coinbase is not the only crypto exchange that has been affected by phishing or hacking in the past.
Online trading platforms for cryptocurrencies are as popular with fraudsters as they are with crypto investors. Caution is therefore always advised.
In fraud cases involving phishing and other scams, our lawyers at Herfurtner Law Firm offer advice and assistance. Contact us now and arrange an initial non-binding and free consultation.