An unknown threat actor went to great lengths to try and compromise the internal systems belonging to one of the world’s most popular cryptocurrency exchange platforms using a phishing attack.
While the attackers ultimately succeeded in breaching the system, they were ousted before being allowed to cause any serious harm. According to Coinbase, customer funds, as well as customer data, are all safe and sound.
The hacker initially sent out five phishing SMS messages to Coinbase employees, asking them to urgently log into their company accounts and read an important message. The messages contained a link that impersonated the Coinbase corporate login page, but was in fact nothing more than a malicious landing page designed to steal sensitive data.
Protected by MFA
While most employees saw right through the scam, one did not, and thus gave the hackers their login credentials. After logging in, the victim was thanked and prompted to disregard the message. While successful in obtaining the login credentials, the attackers couldn’t do much as the account was protected with multi-factor authentication (MFA).
That didn’t stop them, though. They soon called the victim on the phone, impersonating the company’s IT department, and asked them to log into the workstation and follow different instructions.
"Fortunately no funds were taken and no customer information was accessed or viewed, but some limited contact information for our employees was taken, specifically employee names, e-mail addresses, and some phone numbers," Coinbase explained.
It took Coinbase’s CSIRT some ten minutes to realize the company’s being attacked, and to reach out to the victim about the unusual activity.
At that point, the victim realized they're being defrauded, and terminated the communication with the attacker.
While no one can know for sure who is behind the campaign, which follows a similar modus operandi seen in last year's Scatter Swine/0ktapus phishing campaigns.
Back then, cybersecurity experts from Group-IB said the attackers managed to steal almost 1,000 corporate access logins by sending phishing SMS messages.
- Check out the best firewalls right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.