Andreessen Horowitz-backed bitcoin wallet provider Coinbase confirmed via a company blog post on 7th February that "a small handful" of its customers have fallen victim to phishing attacks.
The reports of bitcoin wallet security vulnerabilities, however small, have nonetheless reverberated widely in an industry that is being increasingly cast in a shroud of uncertainty by the mainstream media.
The Verge confirmed what it called "a string of Bitcoin thefts that have hit the service in recent weeks".
In its piece, it profiled the story of a Coinbase user named Jeff, who lost 10.6 BTC to theft this December. What is most unusual about Jeff's story, however, is that one month later, his refunded money was stolen from the service yet again.
The media outlet said it has confirmed two separate thefts from users of the service in addition to Jeff's multiple thefts, for amounts of $16,000 and $5,000, respectively.
The sum total of the thefts, as noted by the piece, is roughly $40,000.
The extent of the attacks
The security firm FireEye told the Verge that it believes it is unlikely that Coinbase suffered a system-wide vulnerability, and that instead, each individual victim was compromised in isolation.
However, it suggested that Coinbase's "unusually powerful" API may have been a factor:
FireEye did suggest that the company itself does not seem responsible for the attacks, which were not aimed at its infrastructure. Further, it suggested that Coinbase's user agreement clearly states that individuals are responsible for the safety of their private keys.
By using the wallet provider's two-factor authentication, the report suggested, Jeff could have prevented the loss of his API key, which, once his account was compromised, may have been reactivated by the hackers.
Coinbase reacts
The San Francisco-based company downplayed the thefts, stating that "phishing is unfortunately common across the Internet", and noting that it affects banking institutions, payment processors and retailers in the traditional financial system as well.
Further, the company indicated that, because of the concern over phishing attacks, it has implemented enhanced security measures that, when used with best practices for web surfing, can help limit these occurrences:
Coinbase representatives declined further requests for comment, stating that the blog post represented their official position on the attacks.