Coinbase Breaches Security With Social Engineers

May 21, 2023

Coinbase, one of the world’s largest crypto exchanges, recently suffered a breach that involved hackers exploiting social engineering to steal cryptocurrency. The attack took advantage of a secure messaging service (SMS) vulnerability to bypass Coinbase’s multi-factor authentication process.

Coinbase responded to the breach by sending a notification letter to 6,000 affected customers and has begun reimburse those users whose funds were stolen.

Email Addresses

Social engineering is a technique employed by cybercriminals to manipulate individuals into giving away their sensitive information, such as passwords, personal details and account data. This approach has the potential for many problems such as identity theft, malware infections and financial loss.

Coinbase recently managed to successfully thwart a social engineering attack against their major company by employing an effective and speedy defense. A persistent SMS phishing attempt targeted one employee, yet the security team was able to detect and block it quickly.

This phishing campaign was identified by PIXM, a cyber security firm that monitors email scams and warns users of potential risks. The phishing email purports to be from an authenticating body and instructs the recipient to click a link that grants them access to their Coinbase wallet.

To prevent this from occurring, always double-check the sender’s credentials before opening any emails. A spoofed sender address is a common tactic hackers use to gain access to someone’s email account. To protect yourself against such breaches, make sure you always double-check all emails before clicking any links within them.

Be wary of friend requests from unknown users. These scams often contain links that lead to malicious websites or even download malware.

Once an attacker gains access to your email, they can spam you with fraudulent or malicious messages. Make sure all communications from friends and trusted acquaintances who you interact with regularly in real life are trusted by you.

To protect yourself against this type of attack, remain alert and monitor your Coinbase account activity regularly. If you’re uncertain whether a message is legitimate, reach out to Coinbase customer support via their website or phone number listed in your user profile.

If you are a Coinbase user and believe your email address has been compromised, the process to change it is as follows. Upload a government-issued document such as your passport or driver’s license to verify your ID. Afterward, send yourself a verification code via email and SMS to complete the request. Upon completing these steps, your Coinbase email address will be reset.

Passwords

Coinbase, one of the world’s largest crypto exchanges, was breached by social engineers using phishing techniques to steal passwords and account information in October 2021. This incident is believed to be similar to recent attacks against Twilio and Cloudflare.

Coinbase’s security team detected the attack quickly and blocked access to their systems with multi-factor authentication (MFA), according to a post on their blog. They also notified the affected customer and began processing their request for a password reset immediately thereafter, according to Coinbase’s post.

Unfortunately, one employee was duped into falling for the phishing scam and providing their credentials. They received a phone call from someone posing as part of Coinbase IT team, asking for their password and username.

Social engineering, also known as social media engineering, can be very effective but also dangerous. If a hacker obtains access to someone’s Coinbase account, they have the potential to transfer funds directly into their personal accounts. This approach is especially hazardous if the victim does not know how to change their password or has no other means of protecting their data.

This phishing campaign was successful because it exploited a flaw in Coinbase’s SMS-based two-factor authentication process, allowing the attackers to bypass an extra layer of protection. They used the stolen token to gain access and siphon money from around 6,000 customer accounts between March and May of 2021.

Phishing campaigns typically employ social engineering techniques and a malicious website. These attempts attempt to make it appear that users are securely typing in their Coinbase passwords, and may also include links to sites where malicious software or applications can be downloaded.

Coinbase reports that passwords were stolen in the initial phase of a phishing attack and used to breach its internal system. Fortunately, security personnel detected the breach within 10 minutes and immediately blocked any further attempts by the threat accessor to gain direct access to its systems.

Coinbase Breach of Phone Numbers

As more and more modern online services rely on phone numbers for password resets and authentication, it’s easy to see how your number could get into the wrong hands. This is especially true if you have a new phone or recently switched your carrier, as your old number may still be active with another customer and grant them access to personal information about yourself.

Security risks such as “phone number recycling” can arise in the United States due to telecom providers often recycling phone numbers when customers switch plans or phones. This presents a potential security breach, since an untrustful individual could easily obtain access to your number and potentially steal money or other sensitive information depending on which carrier it’s with.

Princeton University researchers recently discovered that many recycled phone numbers contain links to online accounts previously held by their previous owners, including sensitive calls and text messages. Furthermore, in some cases a recycled number can be used for administrative access on websites including social media networks like Twitter.

These attacks are unfortunately commonplace, so it’s essential for consumers to be aware of them so they can take steps to protect their privacy and avoid becoming victims. For instance, it is recommended to delete any email addresses or other personal information from social media platforms you no longer use.

Additionally, it’s wise to remove all contact information from your phone in order to avoid giving out personal details like addresses or phone numbers to unwanted callers and texts. Doing this can help guard against unwanted phone calls and texts from unknown individuals.

Coinbase was victim to a social engineering attack that targeted some of their employees with SMS messages urging them to log in to their work accounts. One employee clicked on the link and entered their credentials into a phishing site, giving the attacker access to that employee’s Coinbase account.

Coinbase’s breach was carried out by a cybercriminal linked to the 0ktapus hacking group. While several companies have been targeted by this group over the past year, such as Twilio and Cloudflare, this marks the first time a cryptocurrency exchange has been breached. This is an extremely serious incident that serves as a reminder that hackers will always attempt to exploit any weaknesses in our systems or software; fortunately, Coinbase’s quick response shows they are committed to safeguarding their users.

Coinbase Breach of Personal Information

Social engineering is a popular and efficient means for attackers to access sensitive data. These attacks can take place inside an organization as well as outside it. Social engineers use various tactics to extract personal information from employees for use in fraudulence activities and other criminal activities.

At Coinbase, the perpetrators obtained customer personal information through social engineering and phishing techniques. These attacks take advantage of the emotional response a targeted user has when faced with threats or requests for personal data.

Threat actors may posing as company executives to induce targeted users to grant them access to an account. This approach may be successful if the target feels threatened about losing money or facing prosecution for their actions.

They can also pose as an outside contractor and request confidential information from a trusting employee. With this data, they could gain entry into an organization and take over control of systems.

Once inside, cybercriminals can access passwords and sensitive personal information stored on the system. The stolen data could be used for identity theft, financial fraud, or selling the victim’s details on darknet markets.

These attacks can be highly sophisticated. They may require time for a threat actor to build trust with their target, yet they can be swift when an attacker conveys a sense of urgency and uses fear or stress as leverage in order to coerce them into providing their information.

Companies can prevent successful social engineering attacks by ensuring their employees are fully aware of the risks and have a comprehensive security awareness training program in place. This education will teach employees to detect various types of attacks and respond in accordance with their organization’s security policies.

The most prevalent social engineering attack is phishing emails. These emails appear legitimate but actually originate from malicious sources, such as PayPal or Fed Ex. Typically, they include a link that directs users to an exploitative website where they are asked for credentials or other sensitive personal information.

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.


Preparing Businesses for AI-Powered Security Threats

Preparing Businesses for AI-Powered Security Threats

Preparing businesses for AI-powered security threats. Stay ahead of evolving cybersecurity challenges with proactive strategies and advanced technologies. When AI goes wrong, the repercussions can be devastating. They range from the loss of life if an AI medical...

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs' risk with data broker management. Explore strategies to enhance cybersecurity and safeguard sensitive information in the digital landscape. Every time you use a search engine, social media app or website, buy something online or even fill out a survey...

Vulnerability Prediction with Machine Learning

Vulnerability Prediction with Machine Learning

Advance vulnerability prediction with machine learning. Explore how AI can enhance proactive cybersecurity measures to mitigate potential risks. Machine learning is a field devoted to understanding and building methods that let machines “learn” – that is, methods that...

Recent Case Studies

Mid-size US based firm working on hardware development and provisioning, used DevOps-as-a-...
One of the fastest growing providers of wealth management solutions partnered to build a m...
A US based software startup working on the advancements in genomics diagnostics and therap...

Press Releases

News & Events

Solutions

Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing

Resources

Blog

About Us