San Francisco, California-based cryptocurrency trading platform Coinbase has suffered the worst hack in history, the assets of 6,000 investors were stolen.
A representative of the firm confirmed this week that the platform's security was breached by hackers who took advantage of a security hole that was identified in the platform's SMS multi-factor authentication process.
Coinbase said in a report that to carry out the attack, the hackers needed to know the email, password and phone number associated with Coinbase accounts as well as access to the personal email addresses of their partners.
It may interest you: Hackers steal $600 million in cryptocurrencies, the largest embezzlement in the world
In the letter sent to his clients, he explains that between March and May 20, 2021, those responsible for the scam carried out a hacking campaign to breach the accounts of Coinbase clients and steal cryptocurrencies.
He added that the scammers gained access to each user's personal data through well-planned phishing campaigns.
“While we cannot conclusively determine how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly revealing the credentials login" reads the letter.
Coinbase recognized that a vulnerability existed in its SMS account recovery process, which allowed it to obtain the SMS two-factor authentication token needed to access a secure account.
After identifying the theft, he said that he has worked on improving SMS account recovery protocols, and it was reported that he has started depositing the stolen amounts to the accounts of the affected users.
Coinbase has approximately 68 million users present in more than 100 countries and is considered the second largest cryptocurrency exchange in the world.
Also:Scammers created a bitcoin wallet and disappeared with $3.6 billion from investors in South Africa
During 2021, cryptocurrency hacks and fraud cases have intensified. According to the site specialized in crypto assets cryptohead.io, the amount defrauded amounts to 3,000 million dollars.
One of the most recent scams is that of the Poly Network, the blockchain-based decentralized financial platform, which last August suffered a massive attack by hackers who hacked $600 million.
The scam was considered the largest in the world to a DeFi protocol.
“We are sorry to announce that the PolyNetwork was attacked on BinanceChain, Ethereum and 0xPolygon”, said the Poly Network through its Twitter account where it also announced that it had initiated legal action against those involved.
Also read: 5 cases of millionaire scams with cryptocurrencies
The attack was registered from Ethereum, for $264.8 million in tokens; a Binance Chain account, for $250.8 million; and one from Polygon, with about $85 million.