Coinbase hacked between March-May 20 2021

Written By Francisko Kim

Key points:

  • The attackers took advantage of a flaw in Coinbase’s SMS Account Recovery process to receive an SMS two-factor authentication token and gain access to at least 6,000 Coinbase customer accounts

  • Coinbase updated their SMS Account Recovery protocols as soon as they became aware of the issue

  • Coinbase will be depositing funds into the accounts of the victims of this attack, equal to the value of the currency at the time of the incident

    • Some customers have already been reimbursed

  • Coinbase is strongly recommending customers to use an even more secure method to secure their accounts

    • Such as: time-based one-time password (TOTP) or a hardware security key

View the entire disclosure filed by Coinbase to the California Department of Justice

Francisko Kim
Previous

10/1 FAL Weekly Digest
Next

MiamiCoin Nets $7.8 Million for City of Miami