Crypto exchange Coinbase has announced that a hacker stole the login credentials of a company employee to gain remote access to its system, and as a result, obtained some contact information belonging to multiple employees but customer data and funds remained unharmed.
“Coinbase recently experienced a cybersecurity attack that targeted one of its employees. Fortunately, Coinbase’s cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information. Only a limited amount of data from our corporate directory was exposed,” Coinbase said in a blogpost.
The company stated that on Sunday (February 5), several employees’ mobile phones started to alert with SMS messages indicating that they need to urgently log in via the link provided to receive an important message.
While the majority of employees ignored this unprompted message, one employee, believing it to be an important and legitimate message, clicked the link and entered their login information.
After “logging in”, the employee was asked to disregard the message and thanked for doing so.
Further, the attacker equipped with a legitimate Coinbase employee username and password made repeated attempts to gain remote access to the company.
However, the attacker was unable to provide the required Multi-Factor Authentication (MFA) credentials — and was blocked from gaining access, said the company.
Moreover, the crypto exchange platform noted that, after a while, its employee’s mobile phone rang, and it started having a conversation with the attacker who claimed to be from Coinbase corporate Information Technology (IT), and needed the employee’s help.
Believing that they were speaking to a legitimate Coinbase IT staff member, the employee logged into their workstation and began following the attacker’s instructions.
“That began a back-and-forth between the attacker and an increasingly suspicious employee. As the conversation progressed, the requests got more and more suspicious,” said Coinbase.