Coinbase discloses recent cyberattack targeting employees
No customer funds or information were impacted, according to the company. Coinbase’s engineering team believes the attack is associated with a sophisticated phishing campaign.
Coinbase employees were targeted in a cybersecurity attack on Feb. 5 involving SMS scams and impersonation of IT staff, according to a recent report from the company’s engineering team. No customers’ funds or information were impacted, the crypto exchange said.
According to the report, late on a Sunday several Coinbase employees received SMS messages requiring them to urgently log in via the link provided to access an important message. Acting in good faith, one employee followed the exploiter’s instructions:
The perpetrator then made repeated attempts to gain remote access to Coinbase’s internal systems with the employee’s username and password, but was unable to pass through the Multi-Factor Authentication (MFA) security measure.
After failing to authenticate and being automatically blocked, the exploiter contacted the employee by phone. According to the report, the attacker claimed to be from Coinbase’s IT department and asked the employee for assistance:
Coinbase’s Computer Security Incident Response Team (CSIRT) was alerted to unusual activity by its Security Incident and Event Management (SIEM) system. An incident responder reached out to the victim via the company’s internal messaging system in response to the atypical behavior.
“Realizing something was seriously wrong, the employee terminated all communications with the attacker,” said the report. According to Coinbase, its layered control environment protected customer funds and information, even though some of its personnel information had been compromised.
The company believes the attack is associated with a sophisticated attack campaign that has targeted many companies since last year, especially in the United States. Cybersecurity company Group-IB reported in August similar phishing attacks on employees of Twilio and Cloudflare as part of a massive campaign that ended with 9,931 accounts of over 130 organizations being compromised.
Coinbase’s team also noted that its customers and employees are frequent targets of fraudsters, and the solution lies in offering appropriate training: