Late last night, Bitcoin wallet Coinbase posted a memo to users saying it had discovered an email phishing attack that deceptively gets Coinbase users to give a malicious app access to their wallets.
The email asks Coinbase users to accept a new terms-of-service agreement. The exploit then prompts users to login into their Coinbase account, thus authorizing a malicious program to take Bitcoin out of their wallets. Coinbase says it has since corrected the problem and is exploring ways to prevent it in the future.
“To stop this from happening again, we are reassessing our API/application approval process, as well as re-visiting the limits of money that can be sent over an application,” the company wrote in a post.
Additionally, Coinbase plans to educate customers on how to use its storage options safely. The company says only a small number of customers were affected by this attack, all of whom will have their stolen Bitcoin refunded to them.
This phishing attack is a small speed bump for Coinbase, which has been growing rapidly since its launch.
Already this year, Coinbase has raised a $75 million round of funding. It’s also been quickly rolling out digital products across the U.S. to build a larger use case for Bitcoin in the region and to help the company snag a large share of the market as it develops. To date Coinbase has accrued $106.7 million in funding.