The hack took place between March and May 20 of this year,
according to a copy of the letter posted on the website of California's
Attorney General.
Unauthorized third parties exploited a flaw in the company's
SMS account recovery process to gain access to the accounts, and transfer funds
to crypto wallets not associated with Coinbase, the company said.
"We immediately fixed the flaw and have worked with
thecse customers to regain control of their accounts and reimburse them for the
funds they lost," a Coinbase spokesperson said on Friday.
The hackers needed to know the email addresses, passwords
and phone numbers linked to the affected Coinbase accounts, and have access to
personal emails, the company said.
Coinbase said there was no evidence to suggest the
information was obtained from the company.
News of the hack was earlier reported by technology news
portal Bleeping Computer. -Reuters