Coinbase Detail Recently Blocked Malware Attack

Coinbase Detail Recently Blocked Malware Attack

Security staff at Coinbase have detailed how a recent attack on their systems was effectively blocked preventing a malicious attack on their platform.

In the report penned by Phillip Martin, Coinbase’s Chief Information Security Officer, it described how the attack was orchestrated by someone posing as Gregory Harris, a Research Grants Administrator at the University of Cambridge. However, as Coinbase soon realised they were actually about to be subject to a “sophisticated, highly targeted, thought out attack that used spear-phishing/social engineering tactic” explained Martin.

Instigating the Attack

Following a series of emails where “nothing seemed amiss,” the attack was hidden in one email by Harris, in the form of a URL which, if opened in Firefox, would install malware which had the capabilities to take control over the victims’ machine.  

This is what is known in the computer security world as a zero-day vulnerability. However, in this case, there were two of these zero-days chained together, with the first allowing the attacker to escalate privileges via Javascript and a second that would allow them to evade the browser sandbox and host the computer.

According to Martin, the hacker took advantage of two vulnerabilities. One that had been existing a while and was already being monitored, but was tracked by the attack independently. While second was noted as “very interesting”, as it had only been available a couple of weeks prior to the attack. Indicating a “rapid discovery-to-weaponization cycle on the part of the attacker”.

It was believed that the attacker had spent time hunting out targets that would award high-payoffs before attempting to direct them to the malicious software. Via the cover of the university combined with a strategy that modelled human behaviour, he was able to bypass spam and other security measures which would usually quickly intercept such materials.

Defending the Attack

Luckily though, the Coinbase team were able to intercept the issues early on. They first contained the attack internally via a several pronged response, before reaching out to the Mozilla security team who remedied one of the issues within a day and the second within a week. Before contacting Cambridge university to help them secure their infrastructure and end the attacker’s campaign.

It is believed that the cybercriminal attempted to attack 200 different individuals with this same tactic, who Coinbase also reached out to help assist them in protecting their own systems. Effectively, diverting not only their only crisis but that of other would-be victims too.

“The Cryptocurrency industry has to expect attacks of this sophistication”

While this all unfolded back in mid-June, the full details of the prevented attacked were only revealed yesterday. Reminding us once again of some of the dangers posed to our online funds, but also how efficiently they can be prevented by legitimate security teams.

As Martin wrote, “The cryptocurrency industry has to expect attacks of this sophistication to continue, and by building infrastructure with excellent defensive posture, and working with each other to share information about the attacks we’re seeing, we’ll be able to defend ourselves and our customers, support the crypto-economy, and build the open financial system of the future.”

Ready to join our tribe?

We respect your email privacy

Subscribe now to recieve exclusive updates and offers!

Recently Similar News

Latest Guides

Latest News

Binance,Bitcoin,SEPA

Binance Suspends SEPA Inward Payments Until Further Notice

Binance Suspends SEPA Inward Payments Until Further Notice Binance has just announced that it has temporarily stopped all incoming SEPA payments. As a result, users will no longer be able to deposit euros using the primary European payments network. The world’s largest cryptocurrency exchange did not provide any specific information regarding the reason behind this […]

12 July, 2021
Bitcoin,Cryptocurrency,Investment

Why are Crypto Holders Worried of Declaring Their Ownership?

Cryptocurrencies have been popularly regarded as the future of finance globally. Investing in virtual coins has become a lot easier than it was a few years ago with the evolving crypto industry. Over the last few years, Bitcoin has caused a lot of buzz in the market. It has established itself as the de facto […]

8 July, 2021
Bitcoin,CoinMarketCap,Trading

Bitcoin On The Rebound Following Elon Musk’s Latest Announcement

The price of the world’s largest cryptocurrency is rising again following the latest comments from Elon Musk. Bitcoin’s price has climbed and stayed above $40,000 on Monday 14th June, following an announcement by Musk that Tesla will, once again, start accepting BTC payments. The latest comments have proven once more what a powerful influence the […]

16 June, 2021
Bitcoin,Cryptocurrency,Regulation

Bitcoin Is Now Legal Tender In El Salvador

The world largest cryptocurrency has become a legal currency in El Salvador. Following a congressional vote held on Tuesday, a significant majority agreed to adopt Bitcoin and use it alongside the country’s other currency, the US dollar. In the words of El Salvador’s President, this decision has made “history”. Within the next 90 days, all […]

10 June, 2021
advertisement,Cryptocurrency,Google

Google Updates Its Advertising Policy To Allow Crypto Ads

Global search engine giant, Google, has announced that it will be accepting cryptocurrency advertisements targeting customers in the US. This change to the tech giant’s financial products and services ads policy is expected to be made at the start of August 2021. As a result, operators of cryptocurrency exchanges and wallets will be able to […]

8 June, 2021
Bitcoin,Coinbase,Trading

Coinbase Stock Loses Over 25% Since April IPO

It was hailed as one of the greatest moments in cryptocurrency history. The Coinbase IPO was seen as the tipping point of the sector, a moment when cryptocurrencies will finally find their well-deserved place within the financial industry. Interest was high, and when Coinbase (COIN) began trading on the Nasdaq on April 14, 2021, the […]

26 May, 2021
Bitcoin,Cryptocurrency,Social Media

Bitcoin Drops by Over 30% to $30,000 After Another of Elon Musk’s Tweets

Tesla’s CEO and among the top three richest people in the world, Elon Musk, has yet again sent Bitcoin and other altcoins on a wild ride that saw the markets bleed after massive sell-offs. In a flurry of tweets that begun on Sunday, Elon seems to have implied that Tesla would liquidate its Bitcoin holdings. […]

20 May, 2021
Blockchain,Investment,Technology

Tune In To The 4th Edition of the AIBC Pitch

On the 25th of May 2021, Dubai will once again play host to the much-anticipated Draper-Aladdin AIBC Startup Pitch. 100 companies operating in the exciting fields of AI, Blockchain, Quantum Tech, FinTech, Big Data and IoT will be showcasing their ideas to investors and other stakeholders. Up to $500,000 can be won by any single […]

16 May, 2021