(Bloomberg) -- Coinbase Global Inc. said customers of the biggest U.S. cryptocurrency exchange were targeted by a large-scale email phishing attack earlier this year, with criminals able to steal funds from accounts of more than 6,000 users.

Typically, attackers sent users emails, purporting to be from Coinbase and asking them to submit long-in credentials, the exchange said in a blog. Then they’d used these credentials to impersonate the user, and even receive text messages to gain access. Coinbase said it fixed its system to prevent future attacks. At least 6,000 customers had funds taken from accounts, according to a breach letter on the California Attorney General’s website that was previously reported by Reuters.

“We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost,” the company said in a statement, declining to provide further details. Coinbase’s own infrastructure was never breached.


©2021 Bloomberg L.P.