Coinbase preyed on by sophisticated attack campaign


The increasing attention to cryptocurrencies has made the space a target, with cybercriminals looking to prey on the individuals and firms in it. Leading global exchange Coinbase is the latest to come under fire, in a recent cybersecurity attack.

Earlier this month, Coinbase employees were the victims of a cybersecurity attack that involved scam text messages impersonating staff from the exchange’s IT department. While no customer’s Bitcoin ($BTC), crypto funds or direct data was impacted as a result of the attack, it still brings cybersecurity and possible vulnerabilities to light.

According to a report released by the company’s engineering team, several Coinbase employees received messages requiring them to log in urgently via a provided link in order to receive “an important message”. According to Coinbase, one employee did not recognise the attempt as a hack and followed the link:

“While the majority ignore this unprompted message – one employee, believing that it’s an important and legitimate message, clicks the link and enters in their username and password. After ‘logging in,’ the employee is prompted to disregard the message and thanked for complying.”

Following this, the suspect made several attempts to gain remote access to Coinbase’s internal systems, but ultimately failed to break in because they could not pass the Multi-Factor Authentication.

When that attempt was unsuccessful, the perpetrator called the employee’s number and claimed to be the IT department at Coinbase looking for assistance. During the call, the employee recognised the suspicious behaviour and cut the call.

Coinbase noted that the attack is believed to be part of a sophisticated hack campaign that has been plaguing companies in the cryptocurrency space over the last year. While the attack was unsuccessful, hacks of this kind rely on the trust of the person targeted: they often target customers and employees and prey on them to hand over their information directly, which is then used to gain access to their funds.

Coinbase concluded its note with a warning that having any sort of online presence carries the risk of a cyberattack, offering:

“Be on guard, particularly if someone calls or contacts YOU. A simple best practice is to hang up the phone and use a trusted phone number or company chat technology to reach out for help. Never speak to or provide information or login information to someone who reached out to you first.”
