Coinbase Detail Recently Blocked Malware Attack

Coinbase Detail Recently Blocked Malware Attack

Security staff at Coinbase have detailed how a recent attack on their systems was effectively blocked preventing a malicious attack on their platform.

In the report penned by Phillip Martin, Coinbase’s Chief Information Security Officer, it described how the attack was orchestrated by someone posing as Gregory Harris, a Research Grants Administrator at the University of Cambridge. However, as Coinbase soon realised they were actually about to be subject to a “sophisticated, highly targeted, thought out attack that used spear-phishing/social engineering tactic” explained Martin.

Instigating the Attack

Following a series of emails where “nothing seemed amiss,” the attack was hidden in one email by Harris, in the form of a URL which, if opened in Firefox, would install malware which had the capabilities to take control over the victims’ machine.  

This is what is known in the computer security world as a zero-day vulnerability. However, in this case, there were two of these zero-days chained together, with the first allowing the attacker to escalate privileges via Javascript and a second that would allow them to evade the browser sandbox and host the computer.

According to Martin, the hacker took advantage of two vulnerabilities. One that had been existing a while and was already being monitored, but was tracked by the attack independently. While second was noted as “very interesting”, as it had only been available a couple of weeks prior to the attack. Indicating a “rapid discovery-to-weaponization cycle on the part of the attacker”.

It was believed that the attacker had spent time hunting out targets that would award high-payoffs before attempting to direct them to the malicious software. Via the cover of the university combined with a strategy that modelled human behaviour, he was able to bypass spam and other security measures which would usually quickly intercept such materials.

Defending the Attack

Luckily though, the Coinbase team were able to intercept the issues early on. They first contained the attack internally via a several pronged response, before reaching out to the Mozilla security team who remedied one of the issues within a day and the second within a week. Before contacting Cambridge university to help them secure their infrastructure and end the attacker’s campaign.

It is believed that the cybercriminal attempted to attack 200 different individuals with this same tactic, who Coinbase also reached out to help assist them in protecting their own systems. Effectively, diverting not only their only crisis but that of other would-be victims too.

“The Cryptocurrency industry has to expect attacks of this sophistication”

While this all unfolded back in mid-June, the full details of the prevented attacked were only revealed yesterday. Reminding us once again of some of the dangers posed to our online funds, but also how efficiently they can be prevented by legitimate security teams.

As Martin wrote, “The cryptocurrency industry has to expect attacks of this sophistication to continue, and by building infrastructure with excellent defensive posture, and working with each other to share information about the attacks we’re seeing, we’ll be able to defend ourselves and our customers, support the crypto-economy, and build the open financial system of the future.”

Register for Latest Updates & News

We respect your email privacy

Subscribe now to recieve exclusive updates and offers!

Recently Similar News

Latest Guides

Latest News

1xBit Guide: Crypto Sportsbook & Casino

The casino and sportsbook industry continues to witness an increase in the number of platforms within the space. This creates a challenge of identifying the best and most reliable sportsbooks that will offer you the most impressive services. In this guide, 1xBit shall be reviewed in terms of its service offerings and unique features that […]

11 January, 2022

XBE Community Launches a $500k Bug Bounty

Decentralized technology is built to attract the smartest and brightest brains from all over the world to work towards a common goal: free and fair financial systems. Despite the uncertainties surrounding future laws, DeFi protocols are rapidly adapting and growing to provide new ways for individuals to obtain more value from their money. And this […]

28 December, 2021

11 Biggest Sponsorships Deals for the Crypto Market in 2022

The global sports industry is looking to revamp its activities and recover from the after-shocks of the COVID-19 pandemic. Cryptocurrency platforms on the other hand have enjoyed immense growth and are searching for big platforms that can provide better brand visibility. That’s where sports and crypto make a perfect match with many global sports organizations […]

1 December, 2021

ChangeNOW Unveils a New Cashback Feature

ChangeNow offers crypto users smooth exchanges and doesn’t stop there. The exchange platform provides registered users a chance to profit from crypto swaps with cashback in NOW tokens through the ChangeNOW website. The cryptocurrency exchange and processing platform offer you an effortless way to turn your traffic into profit and boost your crypto journey. The […]

15 November, 2021

Celsius Casino is Raising the Temperatures with a Voluminous Game Lobby

Celsius Casino has become a go-to gaming destination for casino fans looking for an action-packed online gaming platform. The online casino boasts a robust game catalogue with over 4,000 games. The extensive game portfolio caters to Slots, Table Games, and Live Casino fanatics and is powered by well-known providers such as Evolution Gaming, NetEnt, and […]

9 November, 2021

ChangeNOW Has Announced the Release of its Own Digital Wallet

Limitless and swift crypto exchange platform ChangeNOW has released its own non-custodial NOW Wallet, facilitating fiat to crypto purchases and reliable crypto transactions from the comfort of a mobile phone. NOW Wallet is available in beta version for both iOS and Android devices and allows users to transact with over 20,000 currency pairs, regardless of […]

29 October, 2021
BitPanda,Bonus,token

BitPanda Enhances Its BEST Rewards Programme

The EU-based cryptocurrency exchange, BitPanda, has improved its loyalty programme, BEST Rewards. It is now providing owners of its BitPanda EcoSystem Token (BEST) an additional 12% in potential revenue each year. Every registered BitPanda user who has BEST in his or her wallet and carries out at least one monthly trade will be eligible for […]

25 October, 2021
ChangeNOW,Decentralised,Fraud

ChangeNOW’s AML Action Lead To The Return Of $15M COMP

Earlier this week, ChangeNOW announced that it was able to identify and return 45,505 COMP back to Compound. The estimated value of this recovery is around the $15m mark. This remarkable achievement is further proof of the effectiveness of the exchange’s Anti-Money Laundering (AML) procedures. In an announcement made on ChangeNOW’s website, the company provided […]

6 October, 2021