Coinbase Detail Recently Blocked Malware Attack

Coinbase Detail Recently Blocked Malware Attack

Security staff at Coinbase have detailed how a recent attack on their systems was effectively blocked preventing a malicious attack on their platform.

In the report penned by Phillip Martin, Coinbase’s Chief Information Security Officer, it described how the attack was orchestrated by someone posing as Gregory Harris, a Research Grants Administrator at the University of Cambridge. However, as Coinbase soon realised they were actually about to be subject to a “sophisticated, highly targeted, thought out attack that used spear-phishing/social engineering tactic” explained Martin.

Instigating the Attack

Following a series of emails where “nothing seemed amiss,” the attack was hidden in one email by Harris, in the form of a URL which, if opened in Firefox, would install malware which had the capabilities to take control over the victims’ machine.  

This is what is known in the computer security world as a zero-day vulnerability. However, in this case, there were two of these zero-days chained together, with the first allowing the attacker to escalate privileges via Javascript and a second that would allow them to evade the browser sandbox and host the computer.

According to Martin, the hacker took advantage of two vulnerabilities. One that had been existing a while and was already being monitored, but was tracked by the attack independently. While second was noted as “very interesting”, as it had only been available a couple of weeks prior to the attack. Indicating a “rapid discovery-to-weaponization cycle on the part of the attacker”.

It was believed that the attacker had spent time hunting out targets that would award high-payoffs before attempting to direct them to the malicious software. Via the cover of the university combined with a strategy that modelled human behaviour, he was able to bypass spam and other security measures which would usually quickly intercept such materials.

Defending the Attack

Luckily though, the Coinbase team were able to intercept the issues early on. They first contained the attack internally via a several pronged response, before reaching out to the Mozilla security team who remedied one of the issues within a day and the second within a week. Before contacting Cambridge university to help them secure their infrastructure and end the attacker’s campaign.

It is believed that the cybercriminal attempted to attack 200 different individuals with this same tactic, who Coinbase also reached out to help assist them in protecting their own systems. Effectively, diverting not only their only crisis but that of other would-be victims too.

“The Cryptocurrency industry has to expect attacks of this sophistication”

While this all unfolded back in mid-June, the full details of the prevented attacked were only revealed yesterday. Reminding us once again of some of the dangers posed to our online funds, but also how efficiently they can be prevented by legitimate security teams.

As Martin wrote, “The cryptocurrency industry has to expect attacks of this sophistication to continue, and by building infrastructure with excellent defensive posture, and working with each other to share information about the attacks we’re seeing, we’ll be able to defend ourselves and our customers, support the crypto-economy, and build the open financial system of the future.”

Ready to join our tribe?

We respect your email privacy

Subscribe now to recieve exclusive updates and offers!

Recently Similar News

Latest Guides

Latest News

Bitcoin,CoinMarketCap,Ethereum

Cryptocurrency Market Cap Jumps Past $2 Trillion

Cryptocurrencies continue to make headline news around the world as the total market cap surpassed $2 trillion on Monday. Supported by increased interest from institutional investors, celebrities, and retail investors, digital coins are now worth more than Apple Inc. Bitcoin has, once again, played a major role in the sector’s market cap. The world’s first […]

6 April, 2021
Digital Currency,Ethereum,Stablecoin

VISA Set To Support Cryptocurrency Settlements

The global payments corporation, VISA, announced on Monday that it is making preparations to allow USD Coin (USDC) to settle transactions within its network. This move is being viewed by industry analysts as yet another clear sign that cryptocurrencies are being accepted by major institutions within the traditional financial industry. USDC was selected by VISA […]

30 March, 2021
Casino,Ethereum,Gambling

CasinoFair Temporarily Shuts Down Amid Network Congestion

The popular cryptocurrency casino, CasinoFair, has announced in a recent blog post that it will be temporarily stopping its gaming services. Citing unsustainable congestion on the Ethereum network as the main reason for this pause, the casino reassured its players that it is “actively researching solutions and hope to be back with a new range […]

26 March, 2021
Bitcoin,Coinbase,CoinMarketCap

Significant Bitcoin Drops As Coinbase Announces IPO

The cryptocurrency market is back in turmoil following yet another volatile week where Bitcoin almost reached a record-breaking value of $60,000. Bitcoin drops are nothing new, but the recent 25% decrease has caused panic amongst even traders with an experience of major currency fluctuations. The latest drop comes as Coinbase, one of the world’s largest […]

1 March, 2021
Cybercrime,Scam,Trezor

Trezor Warns Users About Fake Mobile App

Trezor is warning users of a malicious mobile application featured on Google Play which appears to be associated with the wallet provider. At least 1,000 users have already downloaded this software, and it is likely that some have unwittingly provided their seed phrase to unlock their funds. Both Trezor and SatoshiLabs have confirmed the existence […]

26 January, 2021
Bitcoin,eToro,Trading

eToro Temporarily Raises Minimum Deposit To $1,000

For the past few weeks, the increase in Bitcoin’s price has led to a massive interest in cryptocurrency trading. eToro has been overwhelmed by new registrations and has decided to temporarily raise the minimum deposit from $200 to $1,000. Although 2021 has barely gotten started, it promises to be an exciting time to invest in […]

11 January, 2021
Bitcoin,Investment,Trading

Global Cryptocurrency Market Value Surpasses $1 Trillion

Thursday has proven to be a monumental day for cryptocurrencies as the world’s combined value tops the $1 Trillion mark. Energised by a substantial rise in the value of Bitcoin in recent months, the volatile crypto market has reached a once-unreachable value. Following the latest Bitcoin Halving in May 2020, the world’s largest digital token […]

10 January, 2021
Sponsored

Victory over virus: SiGMA Virtual Expo hosts 100+ exhibitors

SiGMA Europe and AIBC Virtual Expos launch with record breaking attendance, providing a cure to the industry’s events sector In the light of this year’s changes in our everyday lives, SiGMA was close to having to stop doing what it does best; creating networks for people through the company’s iconic physical events, but luckily, the […]

26 November, 2020