Coinbase revealed yesterday, in a blog post, that it witnessed a sophisticated attack on its computer systems. If successful, the hackers would have been able to download code—such as a virus—onto its systems, for nefarious reasons. Luckily, the attempt was thwarted.
The blog post refers to two Firefox 0-day vulnerabilities that took place in May and June. This is a technical name given to computer software flaws that if left unaddressed enable hackers to take advantage of a system.
On May 30, an email was sent to around a dozen Coinbase employees from someone by the name of Gregory Harris, posing as a research grants administrator at the University of Cambridge. According to Philip Martin, the vice president of security at Coinbase, this email—and several after it—didn’t initially raise any red flags for the company.
The email correspondence led to the hacker connecting with the right members of staff that he or she was looking for. Once the hacker was put in touch with “high-payoff targets,” a second email was then delivered, with a hidden element.
On June 17, Harris sent another email containing a URL, which, when opened in Firefox, was designed to install malware capable of taking over someone’s computer, giving it access to steal passwords and important data. Not a good look.
However, this triggered automated alerts for the exchange, which eventually led to the exploit being discovered. Once the issue was contained, Coinbase informed Mozilla—which builds Firefox—of the issue.
Martin said, “This was a “sophisticated, highly targeted, thought out attack that used spear phishing/social engineering tactics and, most importantly, two Firefox 0-day vulnerabilities.”
But luckily, all appears to be safe. And more importantly, the hacker didn’t get hold of tons of KYC data. Unlike, er, Binance.