According to a breach notification letter sent by the cryptocurrency exchange to affected customers, the hackers stole the accounts of at least 6,000 customers of Coinbase Global Inc.
According to a copy of the letter posted on the website of the California Attorney General, the hack took place between March and May 20 of this year.
Unauthorized third parties exploited a flaw in the company’s SMS account recovery process to gain access to the accounts, and not transfer funds to crypto wallets linked to Coinbase, the company said.
“We have promptly corrected the flaw and have worked with these customers to regain control of their accounts and reimburse them for the money they lost,” a Coinbase spokesperson said on Friday.
The company said the hackers needed to know the email addresses, passwords and phone numbers associated with the affected Coinbase accounts, and access personal emails.
Coinbase said there was no evidence to suggest the information was obtained from the company.
The hack was first reported by technology news portal Bleeping Computer.
© Thomson Reuters 2021