Question as they did not mention Sim Swap in the email. Was this confirmed somewhere?
"the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in
order to receive an SMS two-factor authentication token and gain access to your account".
I'm personally more familiar with incidents using SMS stealers (mobile malware) or use of SS7 vulnerabilites due to my job. Telcos in our country (europe) run tight security on SIM swaps.
I was surprised about their recommendation to use time-based OTPs. They basically have the same attack vectors as SMS minus independent channel sign-what-you-see capabilites.
I'm personally more familiar with incidents using SMS stealers (mobile malware) or use of SS7 vulnerabilites due to my job. Telcos in our country (europe) run tight security on SIM swaps.
I was surprised about their recommendation to use time-based OTPs. They basically have the same attack vectors as SMS minus independent channel sign-what-you-see capabilites.
Edit: Answer was in other comments