The Cryptocurrency exchange platform Coinbase recently disclosed that over 6,000 of its users’ accounts had been maliciously accessed following an email phishing campaign. The breaches began somewhere between march and may of 2021, and consisted of hackers composing emails to mass amounts of people that resulted in the victims giving up email addresses, passwords, and phone numbers associated with their Coinbase accounts. They also gained access to the victims’ entire email inboxes by utilizing a malicious app capable of reading and writing emails on their accounts.
Using the victim’s information, the hackers would then log in to their Coinbase accounts and siphon any crypto funds available in the victim’s accounts. Coinbase has stated that it will be compensating victims for any and all stolen cryptocurrencies and has fixed the flaw that allowed the hackers to steal the crypto in the first place.