Coinbase Says It Prevented a Crafty Phishing Attack to Exfiltrate Keys

Published at: Aug. 9, 2019

The security team at cryptocurrency exchange Coinbase has revealed how it countered a sophisticated phishing attack aiming to exfiltrate private keys and passwords. 

In a blog post published on Aug. 8, the exchange outlined its discovery and reporting of the incident, which involved the exploitation of two 0-day vulnerabilities in Mozilla’s Firefox web browser.

A “highly-targeted and thought-out” attack

The first steps of the phishing scam, Coinbase reveals, date back to late May of this year, when over a dozen exchange employees received an email from an innocuous-seeming University of Cambridge “Research Grants Administrator.” Coming from a legitimate Cambridge academic domain, the email — and similar subsequent emails — passed security filters undetected.

The emails’ tactics changed, however, by mid-June: this time, the correspondence contained a URL that, when opened in Firefox, could install malware on the recipient’s machine.

Coinbase notes that within hours of receiving this email, it detected the attack and cooperated with other organizations to counter it. At the time of the incident, the exchange had emphasized that it had found no evidence of the campaign targeting Coinbase customers.

Over 200 individuals in total, across several — unnamed — organizations other than Coinbase, were eventually found to have been targeted. 

Key takeaways

Coinbase notes the attackers bided their time, sending multiple legitimate-seeming emails from compromised academic accounts, all of which referenced real academic events and were closely tailored to the specific profiles of phishing targets. After these rounds of correspondence, they attempted to infect just 2.5% of targets with the URL hosting the 0-day.

Coinbase’s security response timeline. Source: Coinbase Blog

The exchange reveals that as soon as both an employee and automated alerts flagged the suspicious mid-June email, its response team found a swift way to counter the threat, capturing the 0-day from the phishing site while it was still live and, in doing so, aiming to keep the response hidden from the attackers. The blog post adds:

“We also revoked all credentials that were on the machine, and locked all the accounts belonging to the affected employee. Once we were comfortable that we had achieved containment in our environment, we reached out to the Mozilla security team and shared the exploit code used in this attack.”

Mozilla, for its part, patched one of the two vulnerabilities by the next day, and the second within that same week.

Last month, Cointelegraph reported on the arrest of an Israeli citizen who allegedly stole $1.7 billion worth of cryptocurrency via a phishing campaign targeted at European users.
