(Reuters) – Hackers have stolen the accounts of at least 6,000 Coinbase Global Inc customers, according to a breach notification letter sent by the cryptocurrency exchange to affected customers.
The hack took place between March and May 20 of this year, according to a copy of the letter https://oag.ca.gov/system/files/09-24-2021%20Customer%20Notification.pdf posted on the site California Attorney General Web.
Unauthorized third parties exploited a loophole in the company’s SMS account recovery process to access accounts and transfer funds to crypto wallets not associated with Coinbase, the company said.
“We immediately fixed the flaw and worked with these customers to regain control of their accounts and refund them any lost funds,” a spokesperson for Coinbase said on Friday.
Hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts and have access to personal emails, the company said.
Coinbase said there was no evidence to suggest the information was obtained from the company.
News of the hack had already been reported by technology news portal Bleeping Computer.
(Reporting by Niket Nishant in Bangalore; Editing by Shounak Dasgupta)