Major Crypto Brokerage Coinmama Reports 450,000 Users Affected by Data Breach

Published at: Feb. 16, 2019

Israel-based crypto brokerage Coinmama — which allows users to purchase Bitcoin (BTC) and Ethereum (ETH) using a credit card — has suffered a major data breach affecting 450,000 of its users. The incident was disclosed in an official company announcement on Feb. 15.

The breach is reportedly part of a mammoth, multi-platform hack that affected 24 companies and a total of 747 million records — among them gaming, travel booking and streaming sites.

Coinmama says a list of around “450,000 email addresses and hashed passwords” of users who registered on its platform before Aug. 5, 2017 have been posted on a dark web registry:

“As of February 15, 2019, there has been no evidence of this data being used by perpetrators. Given the dated nature of the published data, we have no reason to suspect that any other Coinmama systems are compromised. Coinmama does not store credit card information.”

Aside from immediately notifying users, Coinmama says its response team is requiring all potentially affected users to reset their passwords upon login, as well as monitoring its array of systems for suspicious activity or unauthorized access. The platform says it is working to enhance its safeguards and track any external signals that the compromised data is being used.

Aside from new password requirements for potential victims of the hack, the site requests all users to ensure their passwords are robust and unique, and to avoid opening emails or attachments from unknown senders, or providing any personal data to any third party sites.

Although the data breach impacted not only Coinmama, but a gamut of companies outside the crypto sector, the hack represents the second high-profile system compromise in the industry this year.

On Jan. 15, tens of thousands of Ethereum (ETH) wallets hosted by New Zealand crypto exchange Cryptopia were hacked, leading to losses estimated to be worth up to $23 million — with the breach continuing for a couple of weeks after the incident’s detection.

A recent report from New York-based blockchain intelligence firm Chainalysis estimated that two — likely still active — organized hacker groups have reportedly stolen $1 billion in cryptocurrency, accounting for the majority of funds lost in crypto-related scams.

Tags
Related Posts
North Korean Hacker Group Modifies Crypto-Stealing Malware
The Lazarus hacker group, which is allegedly sponsored by the North Korean government, has deployed new viruses to steal cryptocurrency. Major cybersecurity firm Kaspersky reported on Jan. 8 that Lazarus has doubled down its efforts to infect both Mac and Windows users’ computers. The group had been using a modified open-source cryptocurrency trading interface called QtBitcoinTrader to deliver and execute malicious code in what has been called “Operation AppleJeus,” as Kaspersky reported in late August 2018. Now, the firm reports that Lazarus has started making changes to the malware. Kaspersky identified a new macOS and Windows virus named UnionCryptoTrader, which …
Cryptocurrencies / Jan. 9, 2020
Most Significant Hacks of 2019 — New Record of Twelve in One Year
Twelve major cryptocurrency exchange hacks occurred in 2019. Of these, 11 hacks resulted in the theft of cryptocurrency while one only involved stolen customer data. In total, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges in 2019. Cryptocurrency exchanges experienced more hacks last year than in 2018, when only nine cryptocurrency exchanges fell victim to security breaches. As time goes on, you might think that cryptocurrency exchanges would become more secure. The reality, however, is that more hacks on cryptocurrency exchange are taking place year after year. In general, crypto exchanges remain unregulated, and it’s …
Ethereum / Jan. 5, 2020
Researchers Detect New North Korea-Linked MacOS Malware on Crypto Trading Site
Security researchers have discovered a new cryptocurrency-related macOS malware believed to be the product of North Korean hackers at the Lazarus Group. As tech-focused publication Bleeping Computer reported on Dec. 4, malware researcher Dinesh Devadoss encountered a malicious software on a website called “unioncrypto.vip,” that advertised a “smart cryptocurrency arbitrage trading platform.” The website did not cite any download links, but hosted a malware package under the name “UnionCryptoTrader.” Linkage to North Korean hackers According to the researchers, the malware can retrieve a payload from a remote location and run it in memory, which is not common for macOS, but …
Asia / Dec. 4, 2019
N. Korean Hackers’ New MacOS Malware Hides Behind Fake Crypto Firm
The notorious North Korean hackers known as the Lazarus APT Group have created another malware targeting Apple Macs that masquerades behind a fake cryptocurrency firm. Apple Mac security specialist and principal security researcher at Jamf Patrick Wardle published a blog post on Oct. 12 outlining the nature of the malware, revealed by MalwareHunterTeam (MHT) researchers the previous day. Closely related to earlier macOS crypto-malware MHT and Wardle have warned that at the time of their warning, the malware was undetected by any engines on VirusTotal and that the sample appears to be closely related to a strain of Mac malware …
Cryptocurrencies / Oct. 14, 2019
NZ Exchange Cryptopia Reports Hack With 'Significant Losses'
New Zealand digital assets exchange Cryptopia has suspended services after detecting a major hack that has reportedly “resulted in significant losses,” according to a tweet posted today, Jan. 15. The exchange revealed in the tweet that the hack occurred yesterday, Jan. 14. The platform had initially informed the public it was undergoing unscheduled maintenance, issuing several similarly laconic updates before today’s official disclosure of the breach. According to today’s tweet, the exchange has notified government agencies and authorities, including the New Zealand Police and High Tech Crimes Unit, who have reportedly opened an investigation into the matter and are allegedly …
Ethereum / Jan. 15, 2019