Don’t let smishing get you down! Learn how Coinbase employees were targeted by a persistent social engineering attack and how the company’s quick defence protected it from disaster.
Coinbase, one of the largest cryptocurrency exchanges in the world, has reported a cybersecurity incident that targeted its employees with an SMS phishing attack (Smishing) using persistent social engineering tactics.
Coinbase has over 1,200 employees worldwide, and as of 2022, the exchange was home to more than 103 million verified users. This makes the company a lucrative target for small-time crooks and state-based hacking groups such as Lazarus and others alike.
The Text Message
It all started on Sunday, February 5, 2023, when several Coinbase employees received text messages asking them to use the link sent by the attacker for an urgent login. While all recipients ignored the text, one employee logged in with his/her username and password.
With the help of the employee’s login credentials, the attacker attempted to access Coinbase’s internal network. However, since the company had enabled multi-factor authentication (MFA) for employees, the attacker could not bypass the security feature and was unable to proceed further even after several attempts.
While the attacker was unsuccessful in accessing Coinbase’s system, a limited amount of data from the company’s directory was exposed, including names, email addresses, and phone numbers of a limited number of employees.
The Call
The second phase of the attack began with a phone call to the employee’s mobile phone, with the attacker claiming to be a member of Coinbase’s corporate Information Technology (IT) team.
Trusting that the caller was a legitimate Coinbase IT staff member, the employee logged into their workstation and began following the attacker’s instructions. However, as the conversation progressed, the employee began to grow increasingly suspicious of the requests being made.
Thankfully, the employee’s suspicions were enough to prevent any damage from occurring. No funds were taken, and no customer information was accessed or viewed during the incident.
Based on the attacker’s modus operandi, Coinbase believes the incident was not an isolated one and is linked to a series of cyberattacks that have taken place recently, including Twilio, DoorDash, Zendesk, Namecheap and others.
Coinbase has since released a statement urging all employees to remain vigilant against phishing attempts and other forms of cyber attacks. The company has emphasized the importance of verifying the identity of anyone who requests access to sensitive information or systems and has offered resources and training to help employees recognize and respond to potential threats.
This incident serves as a stark reminder of the ongoing threat posed by cybercriminals, and the need for individuals and organizations alike to remain vigilant against these attacks.
By staying informed and taking proactive measures to protect themselves and their information, individuals and businesses can help to minimize the risk of falling victim to phishing scams and other forms of cybercrime.
Coinbase’s swift response to the incident demonstrates the company’s commitment to the security and protection of its employees and customers. As the use of cryptocurrency continues to grow and evolve, it is crucial that companies in the industry prioritize cybersecurity and take steps to ensure the safety and security of their operations.