Coinbase preyed on by sophisticated attack campaign

Coinbase Ventures

The increasing attention to cryptocurrencies has brought with it a target with cybercriminals looking to prey on individuals and firms in the space. Leading global exchange Coinbase is the latest to come under fire with a recent cybersecurity attack.

Earlier this month, Coinbase employees were victims of a cybersecurity attack that involved text messaging scams through the impersonations of staff from the exchange’s IT department. While no customer’s Bitcoin ($BTC) or crypto funding or direct data was impacted as a result of the attack, it still brings cybersecurity and possible vulnerabilities into light.

According to a report released by the company’s engineering team, several Coinbase employees received messages requiring them to log in urgently via a link provided; a link to offer “an important message”. According to Coinbase, one employee did not recognise the attempt as a hack and followed the link:

While the majority ignore this unprompted message – one employee, believing that it’s an important and legitimate message, clicks the link and enters in their username and password. After ‘logging in,’ the employee is prompted to disregard the message and thanked for complying.”

Following this, the suspect made several attempts to gain access to Coinbase’s internal systems remotely, but ultimately failed to break into the systems and pass through the Multi-Factor Authentication.

When the perpetrator was unsuccessful in the attack, they then called the employer’s number and claimed to be the IT department at Coinbase looking for assistance. During the call, the employee recognised the suspicious behaviour and cut the call.   Coinbase noted that the attack is believed to be a part of a sophisticated hack campaign that has been plaguing companies in the cryptocurrency space over the last year. While the attack was unsuccessful, hacks of this kind – relying on the trust of the person – often target customers and employees and preys on the person to offer their information directly to gain access to their funds.

Coinbase concluded its note with a warning that having any sort of an online presence runs the risk of a cyberattack of sorts, offering:

Be on guard, particularly if someone calls or contacts YOU.  A simple best practice is to hang up the phone and use a trusted phone number or company chat technology to reach out for help.  Never speak to or provide information or login information to someone who reached out to you first.”

Related Articles

India Preparing for a CBDC-Driven Economy: Central Bank Governor’s Vision

Outgoing Reserve Bank of India Governor Shaktikanta Das believes that the digital rupee has the potential to transform India's economy.

El Salvador Plans Bitcoin Policy Changes to Secure $1.3B IMF Loan

El Salvador reportedly anticipates an agreement with the IMF for a $1.3 billion loan, contingent on amendments to its Bitcoin Law.

Floki & Mastercard Launch 13 Crypto Debit Cards In Europe

Floki is among increasing crypto companies launching regional payment cards, enabling users to spend cryptocurrencies.

BitOasis Secures Full Crypto Licence in Dubai: A Milestone for CoinDCX

BitOasis has secured a full VASP licence, finalising its VARA licensing process and enabling it to provide crypto trading services.

See All