Coinbase Detail Recently Blocked Malware Attack

Coinbase Detail Recently Blocked Malware Attack

Security staff at Coinbase have detailed how a recent attack on their systems was effectively blocked preventing a malicious attack on their platform.

In the report penned by Phillip Martin, Coinbase’s Chief Information Security Officer, it described how the attack was orchestrated by someone posing as Gregory Harris, a Research Grants Administrator at the University of Cambridge. However, as Coinbase soon realised they were actually about to be subject to a “sophisticated, highly targeted, thought out attack that used spear-phishing/social engineering tactic” explained Martin.

Instigating the Attack

Following a series of emails where “nothing seemed amiss,” the attack was hidden in one email by Harris, in the form of a URL which, if opened in Firefox, would install malware which had the capabilities to take control over the victims’ machine.  

This is what is known in the computer security world as a zero-day vulnerability. However, in this case, there were two of these zero-days chained together, with the first allowing the attacker to escalate privileges via Javascript and a second that would allow them to evade the browser sandbox and host the computer.

According to Martin, the hacker took advantage of two vulnerabilities. One that had been existing a while and was already being monitored, but was tracked by the attack independently. While second was noted as “very interesting”, as it had only been available a couple of weeks prior to the attack. Indicating a “rapid discovery-to-weaponization cycle on the part of the attacker”.

It was believed that the attacker had spent time hunting out targets that would award high-payoffs before attempting to direct them to the malicious software. Via the cover of the university combined with a strategy that modelled human behaviour, he was able to bypass spam and other security measures which would usually quickly intercept such materials.

Defending the Attack

Luckily though, the Coinbase team were able to intercept the issues early on. They first contained the attack internally via a several pronged response, before reaching out to the Mozilla security team who remedied one of the issues within a day and the second within a week. Before contacting Cambridge university to help them secure their infrastructure and end the attacker’s campaign.

It is believed that the cybercriminal attempted to attack 200 different individuals with this same tactic, who Coinbase also reached out to help assist them in protecting their own systems. Effectively, diverting not only their only crisis but that of other would-be victims too.

“The Cryptocurrency industry has to expect attacks of this sophistication”

While this all unfolded back in mid-June, the full details of the prevented attacked were only revealed yesterday. Reminding us once again of some of the dangers posed to our online funds, but also how efficiently they can be prevented by legitimate security teams.

As Martin wrote, “The cryptocurrency industry has to expect attacks of this sophistication to continue, and by building infrastructure with excellent defensive posture, and working with each other to share information about the attacks we’re seeing, we’ll be able to defend ourselves and our customers, support the crypto-economy, and build the open financial system of the future.”

Recently Similar News

cex-promotion exmo-promotion

Latest Guides

Latest News

Ripple,Updates,XRP

Ripple Reveal Two New Clients

One of the biggest names in the cryptocurrency industry, Ripple has announced they have acquired two new customers. This announcement follows from news come the XRP camp several months ago that $500 million had been set aside to expand their use cases and is one the latest examples of them doing just that. The news […]

21 September, 2019
Banking,Binance Research,Blockchain

Blockchain Bonds Pipped to Become New Standard

New research has discovered that blockchain may be the future for the issuance of financial bonds.  The analysis, which was undertaken by the research arm of the exchange platform Binance, discovered this via a deep dive into the practice of leading Spanish bank branch, Santander. The bank itself is one of the most recognisable bank […]

20 September, 2019
Binance,Binance USA,Launch,USA

Binance USA Opens It Doors To Traders

After months of build-up and uncertainty, Binance USA has officially opened its doors and is ready for users to sign up and enjoy their service. The news of its launch comes not a second too soon for traders, after the international platform closed its doors to US traders last week, following an update to its […]

19 September, 2019
Exmo,EXMO Coin,IEO,Updates

Exmo Announce IEO And Request Beta Testing Volunteers

After a fairly quiet period from Exmo, it is now clear to see why as today, they have announced details of a new IEO and a request for volunteers for stop order beta testing on September 26, 2019. The Summer months were busy for the Exmo team. July saw the announcement of a new partnership […]

18 September, 2019
Commission,Exmo,Payment Solution,Updates

Exmo Announce Commission Changes for AdvCash

Every now and then, we hear news from exchange platform Exmo about updates to their payment provider charges. This time they have made some updates to the commission on deposit and withdrawals for the payment service AdvCash. The largest exchange platform in Eastern Europe announced the news via a blog uploaded earlier today, so if […]

17 September, 2019
Exchange Platforms,KuCoin,Law,Listings

KuCoin Delist 5 Projects from their Exchange

As part of their Special Treatment Rule, KuCoin will be delisting a selection of crypto projects from their platform. The Special Treatment (ST) process sees certain coins remove from the platform due to being deemed to have negative or risky qualities associated with them. These qualities can range from the project not providing appropriate information […]

17 September, 2019
Appointment,BitPanda,Exchange Platforms,Updates

BitPanda Welcome New Chief Financial Officer

BitPanda has had an internal shake around and appointed Peter Grausgruber as their new chief financial offer. The news of the appointment was made earlier on their website, where the new man himself explained, “The focus of my career is to help companies grow”. Something he states will be at the head of his priorities […]

16 September, 2019
Binance,Binance Launchpad,Giveaway,Token Sale

Band Lottery Promo Available Now on Binance

Binance has announced a new lottery to users where they can win a $300 worth of tokens each! As we announced last week, the 9th Launchpad project from Binance of the year was confirmed by the exchange platform to be the Band Protocol. This had raised $3 million in seed investments from 3 different lead […]

16 September, 2019