Coinbase staff were urged via SMS to log in to read an important coinbase notification. For convenience, the SMS message included a Coinbase login link, but that link went to a bogus site that captured usernames and passwords.
The attackers did not think about 2FA (two-factor authentication code) this was needed with the username and password. Where the attackers did get usernames and passwords, they could not access the Coinbase platform as they did not have access to the two-factor authentication code. Username and passwords are easily changed.
One Coinbase employee fell for the scam and provided their credentials, after which they were directed to ignore the message.
Despite the Coinbase cyber attack, customer data and funds remained unaffected, and only contact information belonging to some Coinbase employees was obtained by the attacker.
Fortunately, no funds were taken and no customer information was accessed or viewed.