The security team at cryptocurrency exchange Coinbase has revealed how it countered a sophisticated phishing attack aiming to exfiltrate private keys and passwords.
In a blog post published on Aug. 8, the exchange outlined its discovery and reporting of the incident, which involved the exploitation of two 0-day vulnerabilities in Mozilla's Firefox web browser.
A "highly-targeted and thought-out" attack
The first steps of the phishing scam, Coinbase reveals, date back to late May of this year, when over a dozen exchange employees received an email from an innocuous-seeming University of Cambridge "Research Grants Administrator." Coming from a legitimate Cambridge academic domain, the email (and similar subsequent emails) passed security filters undetected.
The emails' tactics changed, however, by mid-June: this time, the correspondence contained a URL that, when opened in Firefox, could install malware on the recipient's machine.
Coinbase notes that within hours of receiving this email it had detected the attack and was cooperating with other organizations to counter it. At the time of the incident, the exchange emphasized that it had found no evidence of the campaign targeting Coinbase customers.
Over 200 individuals in total, across several unnamed organizations other than Coinbase, were eventually found to have been targeted.
Key takeaways
Coinbase notes the attackers bided their time, sending multiple legitimate-seeming emails from compromised academic accounts, all of which referenced real academic events and were closely tailored to the specific profiles of the phishing targets. Only after these rounds of correspondence did they send the URL hosting the 0-day, and they sent it to just 2.5% of targets.
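The pattern above (several benign, link-free messages from a legitimate sender to build trust, then a single message that introduces a URL) can be turned into a simple mail-flow detection. What follows is an added example and is not code from Coinbase's post or its tooling: the senders, domains, dates and URLs are constructed placeholders, and the threshold of two prior benign messages is an assumed tuning value.

```python
"""Flag a 'tactic change' in a running email thread: a sender who has
exchanged several URL-free messages suddenly introduces an external link.

Added example for illustration; all messages, domains and URLs below are
constructed, not taken from the Coinbase incident."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


@dataclass
class Message:
    sender: str
    received: datetime
    body: str


@dataclass
class Alert:
    sender: str
    benign_count: int  # URL-free messages seen before the first link
    urls: List[str]


def extract_urls(text: str) -> List[str]:
    """Pull http(s) URLs out of a message body."""
    return URL_RE.findall(text)


def external_urls(urls: List[str], trusted_domains: List[str]) -> List[str]:
    """Keep only URLs whose host is not a trusted domain or a subdomain of one."""
    out = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            out.append(url)
    return out


def detect_tactic_change(messages: List[Message], trusted_domains: List[str],
                         min_benign: int = 2) -> List[Alert]:
    """Return one Alert per sender whose first external-link message follows
    at least min_benign earlier link-free messages from the same sender.
    A sender who links in the very first message never triggers (that is
    ordinary mail, not a rapport-then-pivot pattern)."""
    by_sender: Dict[str, List[Message]] = {}
    for m in sorted(messages, key=lambda m: m.received):
        by_sender.setdefault(m.sender, []).append(m)

    alerts = []
    for sender, msgs in by_sender.items():
        benign = 0
        for m in msgs:
            ext = external_urls(extract_urls(m.body), trusted_domains)
            if not ext:
                benign += 1
                continue
            if benign >= min_benign:
                alerts.append(Alert(sender, benign, ext))
            break  # only the first link-bearing message is of interest
    return alerts


# Constructed sample thread (hypothetical sender, domains and URL).
SAMPLE_MESSAGES = [
    Message("grants-admin@example.ac.uk", datetime(2019, 5, 28),
            "Dear colleague, we are assembling the 2019 grant panel and would value "
            "your input. Details: https://www.example.ac.uk/events/grants-2019"),
    Message("grants-admin@example.ac.uk", datetime(2019, 5, 30),
            "Thank you for your reply. The panel meets in July; agenda to follow."),
    Message("grants-admin@example.ac.uk", datetime(2019, 6, 4),
            "Following up on the agenda: would a morning slot suit you?"),
    Message("grants-admin@example.ac.uk", datetime(2019, 6, 17),
            "The agenda is ready. Please confirm your attendance at "
            "https://conference-portal.example/register before Friday."),
    # A sender who links immediately is not the pattern we want.
    Message("newsletter@vendor.example", datetime(2019, 6, 1),
            "New release notes: https://vendor.example/releases"),
]

# The academic sender's own domain is trusted, so its first link is benign.
TRUSTED_DOMAINS = ["example.ac.uk", "corp.example"]


def run_sample() -> List[Alert]:
    return detect_tactic_change(SAMPLE_MESSAGES, TRUSTED_DOMAINS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a.sender}: {a.benign_count} benign messages, then {a.urls}")
```

The heuristic is deliberately narrow: it looks for the pivot rather than for a bad domain, which is why it would fire on a link from a never-before-seen host even when the sending account itself is genuine and passes SPF and DKIM, as the compromised academic accounts in this campaign did.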
[Image: Coinbase's security response timeline. Source: Coinbase Blog]
The exchange reveals that as soon as an employee report and automated alerts flagged the suspicious mid-June email, its response team moved quickly, capturing the 0-day exploit from the phishing site while it was still live so as to obtain the exploit code without drawing the attackers' attention to the response. The blog post adds:
"We also revoked all credentials that were on the machine, and locked all the accounts belonging to the affected employee. Once we were comfortable that we had achieved containment in our environment, we reached out to the Mozilla security team and shared the exploit code used in this attack."
Mozilla, for its part, patched one of the two vulnerabilities by the next day, and the second within that same week.
Last month, Cointelegraph reported on the arrest of an Israeli citizen who allegedly stole $1.7 billion worth of cryptocurrency via a phishing campaign targeted at European users.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.