Crypto exchange Coinbase hacked, sensitive data stolen
An unknown threat actor has gone to great lengths to compromise the internal systems of one of the world’s most popular cryptocurrency exchange platforms using a phishing attack.
Although the attackers eventually managed to breach the system, they were driven off before they could do any serious damage. According to Coinbase, customer funds and customer data are all safe and sound.
The hacker initially sent five phishing text messages to Coinbase employees, asking them to urgently log into their corporate accounts and read an important message. The messages contained a link that imitated the Coinbase login page, but was in fact nothing more than a malicious landing page designed to steal sensitive data.
Protected by MFA
While most of the employees saw through the scam, one didn’t and so gave the hackers their credentials. After logging in, the victim was thanked and ordered to ignore the message. Although the attackers managed to get their hands on the credentials, there wasn’t much they could do because the account was secured with multi-factor authentication (MFA).
However, that didn’t stop them. They soon called the victim, posing as the company’s IT department, and asked them to log into the workstation and follow several instructions.
“Fortunately, no money was taken and no customer information was accessed or viewed, but some limited contact information was stolen from our employees, notably employee names, email addresses and some phone numbers,” Coinbase explains.
It took Coinbase’s CSIRT about ten minutes to realize that the company was under attack and to contact the victim about the unusual activity.
At that point, the victim realized they were being scammed and cut off communication with the attacker.
No one can be sure who is behind the campaign, although it follows a similar modus operandi to last year’s Scatter Swine/0ktapus phishing campaigns.
At the time, cybersecurity experts from Group-IB said the attackers managed to steal nearly 1,000 company access logins by sending phishing text messages.
Via: BleepingComputer