Just in time for Cybersecurity Awareness Month, Coinbase has disclosed a “large-scale” phishing attack that impacted users earlier this year.
In the blog post, the company claims that the scammers never breached Coinbase’s “security infrastructure or broader systems.” The company also stated that it “immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost.”
Coinbase detailed some of the tactics incorporated in the phishing attacks in its blog post. To gain control of user accounts, scammers sent phishing emails that claimed to be from Coinbase. When users clicked on a link in the email and entered their account credentials, the perpetrators were able to see the credentials and take control of the accounts.
What remains unclear is exactly how the hackers were able to identify the email addresses of a large number of Coinbase users. Coinbase said “there was no evidence to suggest the information was obtained from [inside] the company.”
Coinbase did not immediately respond when asked if it could clarify how the scammers gained access to the email addresses.