NEW YORK (InsideBitcoins) — A “small number” of Coinbase users fell victim to a phishing email this morning, resulting in the loss of bitcoins from their accounts. In response, Coinbase announced that it would reimburse those affected and reassess its API and application approval process. The company also mentioned the need to expand user education about its vault system.
“To stop this from happening again, we are reassessing our API/application approval process, as well as re-visiting the limits of money that can be sent over an application,” Coinbase said in a statement. “We began to talk about how we can proactively reach out to customers and educate them on how to use their Coinbase Vaults as a more secure way of storing their bitcoin.”
According to reports, the malicious email referred customers to a new service agreement and instructed them to accept it on the official site. Once customers clicked the provided link, the app sent a verification code if two-factor authentication was enabled. Customers then logged in to a spoof site, only to realize later, when their balance dropped to zero, that they’d handed over all the necessary information to the thieves.
“Upon logging in, it said that all of my bitcoin had been transferred to a new wallet that I didn’t recognize,” said one affected user on Reddit. “This was really stupid of me as I should have checked and I have never fallen for something like this in the past, but it looked so legit … I remember a post that someone made here recently about Coinbase having a new service agreement so I blindly followed through.”
Coinbase assured customers they would be reimbursing those affected.
“We found this malicious application relatively quickly, and we shut it down,” Coinbase said. “Only a small number of users were affected, and we will be reaching out to them directly. We will be reimbursing the affected users the bitcoin that they lost, while we continue the investigation.”
Coinbase is insured by Aon, but it’s not likely that insurance covers this instance. According to a blog post back in August, Coinbase is insured against theft and hacking, like those of Bitstamp and Blockchain.info, as well as losses due to physical or cyber breaches. However, Coinbase explicitly stated that it is not responsible for customer negligence.
“The insurance covers losses due to breaches in physical or cyber security, accidental loss, and employee theft. It doesn’t cover bitcoin lost or stolen as a result of an individual user’s negligence to maintain secure control over their login credentials,” Coinbase explained.
The recent thefts occurred right after Coinbase announced raising $75 million in funding from investors, including the New York Stock Exchange, as well as USAA. They also recently announced a new regulated exchange.
With the added attention, Coinbase recently announced reaching 2,000,000 users. New users, new technology and media attention can often make a company a target for malicious attacks.