Thousands of Coinbase customers had their assets stolen in a phishing attack. The company has said that it will refund the more than 6,000 clients who had their funds drained. A security breach was also responsible for the data leaks. The company’s servers were unaffected by the intrusion.
Coinbase, the Bitcoin wallet company, says at least 6,000 users had money stolen from their accounts. Hackers were able to get around an SMS-based verification feature that the company used to secure many accounts. The phishing attack was first discovered in August, but the full magnitude of the attack was only revealed after a letter written to affected consumers went viral.
The letter claims hackers gained access to victims’ email accounts, which were then used to steal their cryptocurrency. Although Coinbase requires “two-factor authentication,” which involves clients receiving a text message to confirm a transaction, the SMS version of this failed. A third party used a “weakness” in Coinbase’s infrastructure to get access to clients’ accounts, the company believes. Instead of a code-word code, customers were provided an SMS two-factor authentication token.
The company did not say how many of its systems had been compromised. It further announced that clients who have lost money as a result of the phishing attempt will be refunded. The hacking attacks did not appear to have targeted the company’s internal systems, contrary to popular belief. The attacks were instead the consequence of consumers falling for phishing scams targeting their personal email accounts, which is a typical phenomenon.
The incident took place between March and May, but the corporation only announced it this week. It’s unclear why Coinbase took so long to reveal the events. It doesn’t appear to have done anything to alert its clients earlier, or even months later. Although the corporation revealed a sophisticated phishing attempt in a blog post earlier this week, it did not mention that hackers had effectively defrauded hundreds of clients using it.
The company did not want to get in the way of law enforcement organizations looking into the incident, according to a Coinbase representative.
“We didn’t feel comfortable announcing the assault publicly until we had completed the appropriate steps to ensure that it couldn’t be effectively replicated and that law enforcement investigations would not be endangered,” the spokesperson stated.
The attacks appear to have been global in nature, since the Coinbase statement says that credit monitoring services will be provided in “your nation of domicile,” but it doesn’t specify which country. Customers should use a more secure two-factor authentication method, such as an external hardware device or verification software.