According to a breach notification letter provided to affected clients by Coinbase Global Inc, hackers stole from the accounts of at least 6,000 customers of the cryptocurrency exchange.
According to a copy of the letter released on the Attorney General’s website, the hack occurred between March and May 20 of this year.
Unauthorized third parties took advantage of a hole in Coinbase’s SMS account recovery process to obtain access to accounts and move assets to crypto wallets not affiliated with the company, according to the company.
On Friday, a Coinbase spokeswoman said, “We immediately corrected the flaw and worked with these customers to restore control of their accounts and refund them for the amounts they lost.”
The hackers needed access to personal emails and knowledge of the email addresses, passwords, and phone numbers associated with the compromised Coinbase accounts, according to the business.
There was no evidence that the information was taken via Coinbase, according to the business.
Bleeping Computer, a technology news site, first reported on the intrusion.