Crypto exchange Coinbase says that bad actors have stolen crypto assets from at least 6,000 traders this year.
In a letter posted on the California Attorney General website, Coinbase says hackers took advantage of a flaw in the exchange’s SMS Account Recovery process to receive an SMS two-factor authentication token and gain access to the funds, which they then transferred to wallets unassociated with the exchange.
The hackers had previously secured e-mail addresses, passwords, and phone numbers associated with the impacted accounts, according to Coinbase’s letter.
Coinbase claims no evidence has been found suggesting that personal information was taken from the exchange itself.
The attacks reportedly happened between March and May 20th of 2021.
Coinbase says they have updated their SMS Account Recovery protocols “to prevent any further bypassing of that authentication process.” The exchange also says they plan to fully reimburse customers.
The company adds that they are conducting an internal investigation and are working with law enforcement to determine who was behind the attack.