A Coinbase user unfortunately lost 206 Bitcoin, currently valued over $12 million, to a hacker.
First reported by Business Insider, the US Attorneys Office in Los Angeles said that in April of this year a hacker managed to send a fake Coinbase notification to someone’s phone almost immediately after they had purchased a large batch of BTC. It’s unclear how or if the hacker knew about the recent purchase.
The notification reportedly told the user that their account had been locked and further action was required. They were instructed to call a phone number in order to regain access.
An unknown individual answered the call and instructed the user to sign into their account and make a series of changes, one of which was for the user to provide remote access to the account.
“Once granted access to the Victim Account, UI-1 (unidentified individual) increased the daily transaction limit and also attempted to deactivate certain notifications and alert settings on the Victim Account,” said Assistant United States Attorney Dan G. Boyle.
It took less than ten minutes for the bad actor to flush millions of dollars worth of Bitcoin and Stellar Lumens (XLM) from the victim’s account.
Investigators tracked the crypto being sent through an elaborate set of transactions, and identified at least one part of the batch going to Huobi Global. However, the crypto sent to Huobi only accounts for $600,000 worth of the users stolen funds, and it’s still not clear what happened to the rest. Authorities say investigation is ongoing and there have been no arrests.
Dolly M. Gee, district judge of the United States District Court for the Central District of California, has order Huobi to freeze the funds in an effort to catch the perpetrator.
Coinbase was in the news last month when it was revealed that over 6,000 of their customer’s accounts were hacked and had crypto stolen from them. According to a letter sent to victims, Coinbase discovered that hackers were able to get ahold of their users’ emails, passwords, and phone numbers associated with their accounts.
“While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. We have not found any evidence that these third parties obtained this information from Coinbase itself.”