Skip to main content

Thousands of Coinbase wallets drained by hackers

Coinbase logo on the screen.
(Image credit: Shutterstock)

Coinbase, the cryptocurrency platform used for buying coins like Bitcoin, Ethereum and others, has suffered a hack that's affected 6,000 users, completely draining their accounts. 

Coinbase sent a document to users, as reported by our sister-site Techradar, telling them that all their funds had been drained by taking advantage of the company's two-factor authentication (2FA) and using phishing attempts to gain access to passwords. The attacks took place between March and May of 2021. 

The reason this attack wasn't more widespread was because the hackers needed some very specific information before going after someone. This meant knowing a user's email address, password and phone number, as well as access to personal email accounts. 

Coinbase has not been able to determine how these hackers were able to get access to this information, but suspects phishing attacks and other social engineering techniques to be the culprit. 

According to Coinbase, "We have not found any evidence that these third parties obtained this information from Coinbase itself."

"However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account."

Coinbase claims that as soon as it learned of the issue, it updated its SMS account recovery protocols to prevent further abuse. The company also worries that the hackers were able to view some critical personal information, including home addresses, date of birth and IP addresses. Luckily, Coinbase has refunded users and put crypto back into user accounts. 

"We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost."

Of course, Coinbase is already working with authorities to try and find the criminals. Coinbase will also be providing free credit monitoring to affected customers. 

The company is also imploring customers to forego SMS authentication and to instead use time-based one-time password (TOTP) like Google Authenticator or a hardware security key. And, of course, users should probably change their current password on their Coinbase account and email account as well. 

Imad Khan

Imad Khan is news editor at Tom’s Guide, helping direct the day’s breaking coverage. Prior to working at the site, Imad was a full-time freelancer, with bylines at the New York Times, the Washington Post and ESPN. Outside of work, you can find him sitting blankly in front of a Word document trying desperately to write the first pages of a new book.