6,000 Coinbase users had their accounts compromised because of a bug
Coinbase is known as one of the safest exchanges, but it is not impervious to security incidents.
According to a report by Bleeping Computer, 6,000 Coinbase users were robbed of their funds earlier this year due to a bug in the exchange’s SMS account recovery process.
The bad actor behind the attack managed to gain access to secured accounts by intercepting SMS texts with verification codes.
On May 11, Coinbase tweeted that it had fixed the vulnerability without getting into the details.
The exchange claims that the attacker had to find out phone numbers and passwords and also hack into their emails in order to pull off the whole plan.
The report says that the victims were likely successfully targeted by widespread phishing campaigns.
The largest U.S. exchange vows to reimburse all of its customers affected by the vulnerability:
We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today.