I agree 100% on this. But where would the hacker get from 6k email addresses
and their passwords too?
Imho they've got them from Coinbase DB.
If they would have tons of hacked accounts, they would have stolen money from many more people (just because many still don't use 2FA).
Of course, Coinbase using SMS for 2FA was a setup asking for a disaster. And I come back to what I wrote: a proper security audit should have revealed that.