Unknown hackers have hacked about six thousand accounts of users of the Coinbase cryptocurrency exchange. They took advantage of the vulnerability to bypass two-factor authentication via SMS, writes Bleeping Computer.
The publication published a letter from Coinbase to the victims, which talks about a large-scale hacking from March to May 2021. The attack required an email address with access, a password and a linked phone number.
The company acknowledged that the vulnerability is related to SMS verification, due to which attackers received authentication tokens without access to a smartphone. The error has already been fixed.
The trading platform took responsibility for the hacking and promised to compensate users for losses, since the hacked accounts were protected according to the recommendations of Coinbase.
“We will replenish your accounts for an amount equal to the value of the unreasonably withdrawn currency at the time of the incident. Some customers have already received compensation. We will make sure that all affected customers receive full compensation for losses. The changes should be reflected in your accounts by the end of today,” the exchange said in a statement.
Coinbase did not specify in which currency the compensation will be paid.
When crediting fiat and making a profit, customers will have to pay tax.
Recall that in August, Coinbase mistakenly sent emails to users with information about changing their two-factor authentication settings. About 125,000 customers received similar notifications.