BTC $51740.4000
ETH $3112.6552
BNB $388.4861
SOL $103.4699
XRP $0.5425
ADA $0.5914
AVAX $37.4726
TRX $0.1377
DOGE $0.0861
wstETH $3608.1939
LINK $18.7122
DOT $7.9253
WETH $3099.5051
UNI $11.0991
MATIC $0.9984
WBTC $51892.2111
IMX $3.2035
ICP $12.4694
LTC $70.1056
BCH $267.9077
CAKE $3.1362
FIL $8.1161
ETC $27.2027
KAS $0.1709
RNDR $7.2125
DAI $1.0003
HBAR $0.1094
ATOM $10.3766
INJ $35.7526
TON $2.0791
OKB $50.2401
VET $0.0451
FDUSD $1.0003
LDO $3.3874
GRT $0.2891
ARB $1.9019
STX $2.5976
XMR $129.3498
TIA $16.7710
XLM $0.1165
ENS $22.8347
NEAR $3.7109
APEX $2.4753
WEMIX $2.0914
MKR $2051.3393
RETH $3421.4719
ALGO $0.2075
BTC $51740.4000
ETH $3112.6552
BNB $388.4861
SOL $103.4699
XRP $0.5425
ADA $0.5914
AVAX $37.4726
TRX $0.1377
DOGE $0.0861
wstETH $3608.1939
LINK $18.7122
DOT $7.9253
WETH $3099.5051
UNI $11.0991
MATIC $0.9984
WBTC $51892.2111
IMX $3.2035
ICP $12.4694
LTC $70.1056
BCH $267.9077
CAKE $3.1362
FIL $8.1161
ETC $27.2027
KAS $0.1709
RNDR $7.2125
DAI $1.0003
HBAR $0.1094
ATOM $10.3766
INJ $35.7526
TON $2.0791
OKB $50.2401
VET $0.0451
FDUSD $1.0003
LDO $3.3874
GRT $0.2891
ARB $1.9019
STX $2.5976
XMR $129.3498
TIA $16.7710
XLM $0.1165
ENS $22.8347
NEAR $3.7109
APEX $2.4753
WEMIX $2.0914
MKR $2051.3393
RETH $3421.4719
ALGO $0.2075
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • An unknown hacker stole the data of Coinbase employees

    Cryptocurrency platform Coinbase reported that an unknown attacker stole the credentials of one of the employees in an attempt to gain remote access to the company's systems.

    The cybercriminal obtained the contact information of several Coinbase employees (names, phone numbers, email addresses), but the funds and customer data were not affected.

    Coinbase said cybersecurity controls prevented a hacker from gaining direct access to the system and prevented any loss of funds or compromise of customer information. Only a limited amount of data from the Coinbase corporate directory has been exposed.

    Coinbase shared the results of its investigation to help other companies identify attacker tactics, methods, and procedures (TTPs) and establish appropriate protections.

    The attack began on Feb. 5 when an attacker sent several Coinbase engineers SMS messages urging them to log into their corporate accounts to read an important notification.

    Most of the employees ignored the messages, but one of them fell for the trick – he followed a link to a phishing page and entered his credentials. The hacker then attempted to log into Coinbase's internal systems using the stolen credentials, but was unable to do so because access was secured by multi-factor authentication (MFA).

    After 20 minutes, the attacker called a company employee and introduced himself as an IT specialist at Coinbase. He convinced the victim to enter his workstation and perform some actions. The Coinbase CSIRT team detected unusual activity within 10 minutes of the attack starting and contacted the victim to inquire about unusual account activity. The employee then realized that a cyberattack was taking place and stopped communicating with the hacker.

    Will Thomas of the Equinix Threat Analysis Center (ETAC) discovered several additional Coinbase-related domains that matched the company description that may have been used in the attack:

    • sso-cbhq[.]com;
    • sso-cb[.]com;
    • coinbase[.]sso-cloud[.]com.

    It is worth noting that the attacker's modus operandi is similar to what was observed during the 0ktapus phishing campaign last year.

    Author DeepWeb
    Washington state public transit system hit by LockBit ransomware
    Play hacker group claims responsibility for Oakland attack

    Comments 0

    Add comment