The California-based digital currency exchange Coinbase stops hack attack that could potentially have left the exchange with loss of billions of dollars.
The said hack targetted over two hundred employees in the exchange; however, swift action allowed the exchange to overcome the hacking attack that could have caused devastating losses to the company and investors.
How Coinbase stops hack attack?
It all started back in May when emails were received by Coinbase’s two hundred employees. Those emails were sent from the United Kingdom’s Cambridge University’s compromised accounts by a group of hackers CRYPTO3/HYDSEVEN.
Reportedly, the plan was well-executed and seemed to be carried out by a group of hackers who had considerable experience in developing exploits.
The content of the email indicated that a research grants administrator Gregory Harris wanted employees of Coinbase to judge contestants for some economics prize.
Moreover, to make this whole episode credible, the hackers shared some harmless links of the contest page initially to make them click on the following link with exploit payload, which was then sent to only five employees of Coinbase by using two Firefox 0-day exploits.
One of them enabled the attacker to increase privileges from the JavaScript (CVE-2019–11707), whilst the other one enabled the hacker to escape browser sandbox and execute the code on the host’s computer (CVE-2019–11708).
However, the second one was possible only after May 12, which tends to indicate that the hackers are very advanced in their game.
Nonetheless, one of the Coinbase employees ended up clicking on the link. So, all the credentials were revoked on that computer and all the accounts of that affected employee were locked.
Coinbase representative stated in this regard that Security Operations of Coinbase received numerous alerts about unusual activity, but they were able to tackle the situation and defend themselves due to Coinbase’s security-first culture.
