Cryptocurrency hackers stole from at least 6,000 Coinbase Global accounts in a hack between March and May 20, according to a breach notification letter sent to the customers who were affected, Reuters reported on Friday (Oct. 1).
The California Attorney General’s office posted a copy of the letter on its website. Coinbase says the hack occurred when unauthorized third parties found a flaw in its SMS account recovery, jumped into the accounts and transferred funds to cryptocurrency wallets not tied to the company.
“We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost,” a Coinbase spokesperson said on Friday, according to the Reuters report.
Hackers had email addresses, passwords and phone numbers linked to the affected Coinbase accounts to carry out the hack and gain access to personal emails, the company said. There was no evidence that a Coinbase employee was involved in the hack, Reuters noted.
Technology news portal Bleeping Computer first reported the Coinbase hack.
Related news: Coinbase Kills Lend Product Amid SEC Ire
Coinbase killed the proposed loan product Coinbase Lend and its associated waitlist after the Securities and Exchange Commission (SEC) threatened action against the company.
Paul Grewal, Coinbase’s chief legal officer, said in a blog post last month that the company didn’t know what issues the SEC had with Coinbase Lend, and the two sides had been in discussions for over six months.
Coinbase originally planned to fight the SEC threats and got social media support in early September when Coinbase CEO Brian Armstrong made the situation public on Twitter, but they later reversed course and ended its plans for the lending product. Coinbase Lend would have given users the ability to loan their USDC holdings and earn 4% interest with no risk to principal.