Cybercriminals steal funds on Coinbase

Cryptocurrency trading platform Coinbase has reported unauthorised access to user accounts, including access to personally identifiable information (PII), manipulation of account settings and theft of funds from at least 6,000 of its customers.

Coinbase has been unable to conclusively determine why the cybercriminals had the login credentials of those affected, but has assumed a flaw in the two-step authentication process in the SMS Account Recovery protocol.

Currently, the protocol has been updated and the stolen money has been reimbursed.