Coinbase, a platform used for buying, selling and storing cryptocurrency, has said that more than 6,000 of its customers have had their accounts drained in a coordinated cyberattack.
Coinbase said that the hackers were able to target its accounts through a combination of phishing attacks and a flaw in the company’s two-factor authorization system.
Between March and May of this year, hackers managed to get into the accounts and move funds off the platform, draining some accounts completely. Thousands of customers had already begun to complain to Coinbase that funds had vanished from their accounts.
Coinbase said it updated its SMS Account Recovery protocols as soon as it became aware of the problem. The company is encouraging customers to secure their accounts with a time-based one-time password or a hardware security key.
Coinbase has also started to reimburse some customers and promises that all customers will receive the full value of what was lost. Victims will also receive free credit monitoring. Along with working with law enforcement in its investigation, Coinbase has launched an internal investigation into what happened.
Coinbase did not disclose the total value of the cryptocurrency that was stolen in the attack.