Coinbase Reveals How It Averted A Complex Hacking Attack Seeking To Extract Private Keys And Passwords

Coinbase’s security team has revealed that it managed to stop a complex phishing attack that sought to extract user private keys and passwords.

In an official blog post the crypto exchange giant revealed that the incident involved the exploitation of two 0-day vulnerabilities on the Mozilla Firefox browser.

According to the blog post, the first steps of this phishing attack started in late-May this year. In the beginning, more than 12 employees of the exchange received an email claiming to be from Gregory Isaacs, a Research Grants Administrator of the University of Cambridge.

The email came from a real Cambridge University UK domain and passed the security filters undetected. Within a couple of weeks, the employees received more emails, which easily passed security checks as they did not have any malicious content.

However, the attackers soon changed their tactics. On June 17, the employees received another email. Unlike the emails that came before it, this email contained a URL. Upon opening the URL with the Firefox browser, it installed a malware on the recipient’s computer.

The San Francisco based exchange details that the hackers used compromised academic accounts to send emails.

The initial emails referenced legitimate academic events. Also, the hackers customized them to fit specific profiles of phishing targets. The June 17 move attempted to infect only 2.5 percent of the targets with the URL that hosted the 0-day.

Coinbase claims that its system and one of its employees flagged the email as suspicious. The exchange’s security team then worked quickly to stop the threat.

With one employee ending up clicking the sent URL. At that point the exchange says:

“we revoked all credentials that were on the machine, and locked all the accounts belonging to the affected employee.”

Although the firm does not divulge lots of details on how they stopped the phishing attack, afterward, Mozilla fixed one of the vulnerabilities in the following day and dealt with the other one in the same week.

Get Free Email Updates!

*Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

Joseph Kibe
Joseph Kibe
Joseph is a blockchain and cryptocurrency enthusiast, with a strong conviction that exposure of blockchain technology is for the good of the society. Fascinated by the massive potential of cryptocurrencies and the technology behind them – blockchain – Joseph spent lots of his time learning more about the industry, becoming a polished expert writer in the sector. He covers any cryptocurrency and blockchain related content.

[Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer

LEAVE A REPLY

Please enter your comment!
Please enter your name here

3,466FansLike
2,795FollowersFollow
4,237FollowersFollow

Live Bitcoin Price & Latest BTC Charts

Today's Latest Crypto News

Bitfinex Offers $400M Reward For Info on 120k BTC Stolen in 2016; Hackers Can Collect Too

On August 2, 2016, Bitfinex experienced one of the biggest crypto heists of all time, as hackers exploited the system, running off with approximately...

Crypto Trading Platform, 2gether, Unable To Refund $1.4M Hack; Offers Its Native Tokens

Spanish cryptocurrency trading app, 2gether announced on Sunday the platform faced a hack on July 31 on its investment coffers losing €1.183 million ($1.4...

Venture Fund to Invest Majority of $100 Million Raised Fund in DeFi Protocols

San Francisco-based venture fund Electric Capital has raised $100 million from university endowments and other non-profits and it will be using this to invest...

Filecoin to Begins its Incentivized Testnet This Week Ahead of Project Launch Next Month

Crypto project Filecoin which proposes to create a peer-to-peer storage system, will begin its incentivized testnet this week. This testnet will allow users to...

Ethereum 2.0 Final Testnet, Medalla, Rolls Out; Is A 2020 Launch Now In Sight?

The Ethereum 2.0 Phase 0 Medalla public testnet finally went live on August 4, 2020 at around 1AM GMT giving hope of a possible...

BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.

Start Using Crypto Today