Unauthorized third parties exploited a flaw in the company’s 2 factor authentication system which allowed them to gain access to the accounts, and transfer funds to crypto wallets not associated with Coinbase, the company said. In all 6000 customers were effected.
The hack occurred between March 2021 and May 20, 2021. Coinbase suspects the hackers used a email phishing campaign to trick numerous customers into giving up the email addresses, passwords, and phone numbers associated with their accounts noted in its letter to the California AG that it has not found evidence of the hacker getting this information from Coinbase itself.
Coinbase said it is compensating customers for the stolen funds, but it’s unclear whether those payments are being made in fiat or crypto.
News of the hack was earlier reported by technology news portal Bleeping Computer.