One of largest cryptocurrency exchanges Coinbase and its customers became victims of hackers.
As it turns out, this is not "a one-time action" - hackers used a vulnerability between March and May this year. We are talking about vulnerability, which allowed bypassing the multifactor authentication function via SMS. However, in order to use it, it was necessary to know the user's login and password. Coinbase believes that phishing and social engineering went into action to obtain this information. That is, no data was leaked by .
As a result hackers managed to take money from 6 thousand Coinbase customers. What exactly is the amount - the exchange does not say.
The vulnerability has now been fixed, and Coinbase promises to reimburse customers for the lost amounts.
"We will credit your account with funds equal to the value of the currency improperly removed from your account during the incident. Some customers have already been reimbursed - we will make sure that all affected customers receive the full value of what you lost. You should see this in your account no later than today", - promise Coinbase.
Source: Bleeping Computer