Crypto exchange giant Coinbase prevents cyber-attack, but employee data exposed

TL;DR Breakdown

  • Crypto exchange Coinbase has reported a recent cyber attack that targeted one of its employees.
  • The attacker called the employee and claimed to be from Coinbase’s corporate Information Technology (IT) department, seeking the employee’s help.

Crypto exchange Coinbase has reported a recent cyber attack that targeted one of its employees, resulting in the theft of login credentials and the exposure of some contact information belonging to multiple employees. However, the company’s cyber controls prevented the attacker from gaining direct system access, and no customer data or funds were compromised.

“Coinbase recently experienced a cybersecurity attack that targeted one of its employees. Fortunately, Coinbase’s cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information. Only a limited amount of data from our corporate directory was exposed.”

Coinbase Team

How the attack occurred

According to Coinbase, on February 5, several employees received SMS messages indicating they urgently needed to log in to receive an important message. While most employees ignored the message, one employee clicked the link and entered their login information, thinking it was a legitimate message. The attacker, equipped with a legitimate Coinbase employee username and password, made repeated attempts to gain remote access to the company but could not provide the required Multi-Factor Authentication (MFA) credentials, which blocked their access.

Subsequently, the attacker called the employee and claimed to be from Coinbase’s corporate Information Technology (IT) department, seeking the employee’s help. The employee, believing the caller to be a legitimate Coinbase IT staff member, logged into their workstation and followed the attacker’s instructions. However, as the conversation progressed, the requests grew more and more suspicious, and the employee became increasingly wary.

Coinbase reassured its customers that no funds or customer information were compromised, and only a limited amount of data from the corporate directory was exposed. The incident highlights the importance of strong cyber controls and employee awareness in preventing successful cyber attacks.

Preventing cyber-attacks

Coinbase shared some key tactics, techniques, and procedures (TTPs) that other crypto companies can use to identify and defend against a similar attack.

The TTPs include monitoring web traffic from the company’s technology assets to specific addresses, such as sso-*.com, *-sso.com, login.*-sso.com, dashboard-*.com, and *-dashboard.com. According to Coinbase, it is also vital to monitor downloads or attempted downloads of specific remote desktop viewers, including AnyDesk and ISL Online, and any attempts to access the organization from a third-party VPN provider, specifically Mullvad VPN.

Coinbase also advised crypto companies to watch for incoming phone calls and text messages from specific providers, including Google Voice, Skype, Vonage/Nexmo, and Bandwidth, and to monitor unexpected attempts to install specific browser extensions, including EditThisCookie.

According to Will Thomas of the Equinix Threat Analysis Center (ETAC), some additional Coinbase-themed domains, such as sso-cbhq[.]com, sso-cb[.]com, and coinbase[.]sso-cloud[.]com, were possibly used in the attack. The attacker’s modus operandi is similar to what was observed during the Scatter Swine/0ktapus phishing campaigns last year.
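The web-traffic and remote-desktop-download checks described above can be run over proxy logs. The following is an added example, not code from Coinbase or the article: the log format, the allowlist entry, the AnyDesk download URL and the substring match for tool names are assumptions, and `*` in the domain patterns is read as a wildcard.

```python
import fnmatch
from urllib.parse import urlsplit

# Domain patterns listed in the article; "*" is read as a wildcard (assumption).
LOOKALIKE_PATTERNS = ["sso-*.com", "*-sso.com", "login.*-sso.com",
                      "dashboard-*.com", "*-dashboard.com"]
# Remote desktop viewers named in the article; substring match is an assumption.
REMOTE_TOOLS = ["anydesk", "islonline"]
ALLOWLIST = {"sso-portal.example.com"}  # hypothetical host owned by the organization

def host_suffixes(host):
    """'a.b.com' -> ['a.b.com', 'b.com'] so patterns also match parent domains."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def classify(url):
    """Return (rule, detail) findings for one requested URL (may be defanged)."""
    url = url.strip().replace("[.]", ".")  # refang before parsing
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host or host in ALLOWLIST:
        return []
    findings = []
    for pattern in LOOKALIKE_PATTERNS:
        if any(fnmatch.fnmatchcase(s, pattern) for s in host_suffixes(host)):
            findings.append(("lookalike-sso-domain", pattern))
            break
    haystack = host + parts.path.lower()
    for tool in REMOTE_TOOLS:
        if tool in haystack:
            findings.append(("remote-desktop-download", tool))
            break
    return findings

def scan(log_lines):
    """Parse constructed 'timestamp user url' proxy lines and collect findings."""
    hits = []
    for line in log_lines:
        ts, user, url = line.split(maxsplit=2)
        hits.extend((ts, user, rule, detail) for rule, detail in classify(url))
    return hits

# Constructed sample log; the first two domains are the defanged ones quoted above.
SAMPLE_LOG = [
    "10:01:07 alice https://sso-cbhq[.]com/login",
    "10:02:41 bob https://coinbase[.]sso-cloud[.]com/",
    "10:03:15 carol https://sso-portal.example.com/",
    "10:09:52 alice https://download.anydesk.com/AnyDesk.exe",
]
```

Because the patterns are broad, the allowlist is what keeps the organization's own `sso-` hosts from alerting; `scan(SAMPLE_LOG)` returns three findings and skips the allowlisted request.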

Group-IB, a cybersecurity company, also reported that the threat actor stole almost 1,000 corporate access logins by sending phishing links over SMS to company employees.

Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.
