Coinbase employees scammed through SMS phishing campaign
The cryptocurrency exchange platform, Coinbase, has revealed that its employees were involved in a cyberattack in early February 2023, whose focus was gaining access to the company’s system.
The company reported that several employees received SMS messages requiring them to log in immediately to their employee accounts. It is understood that only one employee fell for the phishing scam and provided the information required by the hacker.
The exploiter tried to access the Coinbase’s internal system with the stolen employee’s information, but the Multi-Factor Authentication (MFA) did not allow them to pass through that step. This is when the attacker decided to contact the employee by phone.
The perpetrator claimed to be from Coinbase’s IT department in an attempt to steal more information from the employee to finally gain access to the system. However, Coinbase’s Computer Security Incident Response Team (CSIRT) noticed unusual activity from its Security Incident and Event Management (SIEM) system.
The employee terminated all types of communication with the attacker when he was notified by an incident responder through the company’s internal messaging system. As per the Coinbase report on the incident, all of the employee’s funds and information that had been compromised, were protected.
This type of phishing campaign is becoming more and more common as the crypto industry gains exposure. The attempted attack shows that everyone is vulnerable to scamming, which is why we must always stay alert and double check the validity of the source when giving away personal information.
Sources: cointelegraph.com, www.bleepingcomputer.com
analyst opinion
Marcus Jr.
The company reported that several employees received SMS messages requiring them to log in immediately to their employee accounts. It is understood that only one employee fell for the phishing scam and provided the information required by the hacker.
The exploiter tried to access the Coinbase’s internal system with the stolen employee’s information, but the Multi-Factor Authentication (MFA) did not allow them to pass through that step. This is when the attacker decided to contact the employee by phone.
The perpetrator claimed to be from Coinbase’s IT department in an attempt to steal more information from the employee to finally gain access to the system. However, Coinbase’s Computer Security Incident Response Team (CSIRT) noticed unusual activity from its Security Incident and Event Management (SIEM) system.
The employee terminated all types of communication with the attacker when he was notified by an incident responder through the company’s internal messaging system. As per the Coinbase report on the incident, all of the employee’s funds and information that had been compromised, were protected.
This type of phishing campaign is becoming more and more common as the crypto industry gains exposure. The attempted attack shows that everyone is vulnerable to scamming, which is why we must always stay alert and double check the validity of the source when giving away personal information.
Sources: cointelegraph.com, www.bleepingcomputer.com