Coinbase preyed on by sophisticated attack campaign

Coinbase Ventures

The increasing attention to cryptocurrencies has brought with it a target with cybercriminals looking to prey on individuals and firms in the space. Leading global exchange Coinbase is the latest to come under fire with a recent cybersecurity attack.

Earlier this month, Coinbase employees were victims of a cybersecurity attack that involved text messaging scams through the impersonations of staff from the exchange’s IT department. While no customer’s Bitcoin ($BTC) or crypto funding or direct data was impacted as a result of the attack, it still brings cybersecurity and possible vulnerabilities into light.

According to a report released by the company’s engineering team, several Coinbase employees received messages requiring them to log in urgently via a link provided; a link to offer “an important message”. According to Coinbase, one employee did not recognise the attempt as a hack and followed the link:

While the majority ignore this unprompted message – one employee, believing that it’s an important and legitimate message, clicks the link and enters in their username and password. After ‘logging in,’ the employee is prompted to disregard the message and thanked for complying.”

Following this, the suspect made several attempts to gain access to Coinbase’s internal systems remotely, but ultimately failed to break into the systems and pass through the Multi-Factor Authentication.

When the perpetrator was unsuccessful in the attack, they then called the employer’s number and claimed to be the IT department at Coinbase looking for assistance. During the call, the employee recognised the suspicious behaviour and cut the call.   Coinbase noted that the attack is believed to be a part of a sophisticated hack campaign that has been plaguing companies in the cryptocurrency space over the last year. While the attack was unsuccessful, hacks of this kind – relying on the trust of the person – often target customers and employees and preys on the person to offer their information directly to gain access to their funds.

Coinbase concluded its note with a warning that having any sort of an online presence runs the risk of a cyberattack of sorts, offering:

Be on guard, particularly if someone calls or contacts YOU.  A simple best practice is to hang up the phone and use a trusted phone number or company chat technology to reach out for help.  Never speak to or provide information or login information to someone who reached out to you first.”

Related Articles

MoonPay Announces PayPal Fiat On-Ramp for UK and EU

MoonPay suggested that PayPal ranks as the third most commonly used payment method in the US, following Apple Pay and traditional bank...

Tuttle Capital’s Latest ETF: Mimicking Congress’ Stock Picks

Tuttle Capital is basing the strategy of its newly proposed ETF on the mandatory stock disclosure filings of U.S. lawmakers.

MP Calls for Blockchain; Crypto Group Rebrands

Australian MP stated that blockchain technology could inject $60 billion into the economy, while the advocacy group feels otherwise.

Singapore Authorities Warn Businesses of Bitcoin Ransomware Threat

Singapore police advised businesses against paying ransom and asked them to report the incident to authorities immediately.

See All