For HomeFor BusinessFor Partners
Industry News
2 min read

Coinbase Employee Credentials Stolen in Recent Security Incident

Vlad CONSTANTINESCU

February 21, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Coinbase Employee Credentials Stolen in Recent Security Incident

Cryptocurrency exchange platform Coinbase has recently disclosed an attack that exposed the company’s systems and cost it sensitive data.

The attack, on Feb. 5, involved an unknown fraudster sending fake SMS alerts to several Coinbase employees, attempting to con them into following a malicious link.

Reportedly, the SMS mentioned an important message and urged recipients to log in to their corporate accounts to read it.

It took only a single employee to follow the rogue URL for the perpetrator to breach Coinbase’s systems and make off with the employee’s data. After typing their credentials into the phishing form, the employee was prompted with a “thank you” note and advised to dismiss the message.

The perpetrator then tried to log in to Coinbase’s internal systems, only to run up against the company’s multi-factor authentication (MFA) policy. The threat actor pulled a Hail Mary and contacted the previously-deceived employee, pretending to be a legitimate Coinbase IT staff member. The attacker then gave the employee instructions that would allow them access to the company’s systems.

Coinbase’s Computer Security Incident Response Team (CSIRT) quickly caught the suspicious activity and reached out to the victim, who, upon realizing what had happened, cut all communications with the attacker.

According to the company, the threat actor only managed to exfiltrate employee information, leaving customer data and funds untouched.

“Our CSIRT team immediately suspended all access for the victimized employee and launched a full investigation,” reads Coinbase’s security advisory. “Because of our layered control environment, there were no funds lost and no customer information was compromised. The clean-up was relatively quick, but still - there are a lot of lessons to be learned here.”

Coinbase released a series of Tactics, Techniques and Procedures (TTPs) that other companies should look for in their corporate logs, including:

  • Web traffic from sso-*.com, *-sso.com, login.*-sso.com, dashboard-*.com, *-dashboard.com, where * represents the company’s name
  • Download attempts from AnyDesk (anydesk dot com) and ISL Online (islonline dot com)
  • Organization access attempts from third-party VPN providers, specifically Mullvad VPN
  • Incoming communications from Skype, Google Voice, Vonage/Nexmo, and Bandwidth dot com
  • Unexpected attempts to install the “EditThisCookie” browser extension

tags

Industry News

Author

Vlad CONSTANTINESCU

Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

Right now Top posts

Is Your Digital Footprint Placing You in Scammers’ Crosshairs?
Scam

Is Your Digital Footprint Placing You in Scammers’ Crosshairs?

October 17, 2024

4 min read
What Key Cyberthreats Do Small Businesses Face?
Tips and Tricks How to Very Small Business

What Key Cyberthreats Do Small Businesses Face?

September 06, 2024

4 min read
Got a Strange Text? 5 Signs That You’re Being Scammed (and How to Protect Yourself)
Scam

Got a Strange Text? 5 Signs That You’re Being Scammed (and How to Protect Yourself)

September 02, 2024

6 min read
Scam Alert: How Fraudsters Are Exploiting WhatsApp Group Chats and What You Need to Know to Stay Safe
Scam How to

Scam Alert: How Fraudsters Are Exploiting WhatsApp Group Chats and What You Need to Know to Stay Safe

August 13, 2024

3 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Why Netizens Should Care About Data Leaks
Digital Privacy

Why Netizens Should Care About Data Leaks
Alina BÎZGĂ

October 30, 2024

4 min read
Action Fraud Warns Public to Enable Additional Security Layers Amid Surge in Social Media and Email Account Hacking
Digital Privacy Content Creators Tips and Tricks

Action Fraud Warns Public to Enable Additional Security Layers Amid Surge in Social Media and Email Account Hacking
Alina BÎZGĂ

October 16, 2024

5 min read
Internet Archive Data Breach Affects 31 Million Users
Digital Privacy Data Breach

Internet Archive Data Breach Affects 31 Million Users
Alina BÎZGĂ

October 10, 2024

3 min read

Bookmarks

loader