Cryptocurrency exchange Coinbase announced that a hacker stole a company employee’s login credentials to gain remote access to its system, obtaining some contact information for multiple employees but leaving customer data and funds unharmed.
“Coinbase recently experienced a cybersecurity attack that targeted one of its employees. Fortunately, Coinbase’s cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information. Only a limited amount of data from our corporate directory was exposed,” Coinbase said in a blogpost.
According to the company, on Sunday (February 5), numerous employees’ mobile phones began to alert with SMS messages stating that they needed to log in urgently via the link provided to get an important message.
While the majority of employees ignored this unprompted message, one employee followed the link and submitted their login details, assuming it to be an essential and legitimate message.
The employee was asked to disregard the notification after “logging in” and praised for doing so.
Furthermore, the attacker attempted to get remote access to the company several times using a valid Coinbase employee identity and password.
The attacker, however, was unable to provide the needed Multi-Factor Authentication (MFA) credentials — and hence was denied access, the company said.
The crypto trading platform also reported that, after a period of time, one of its employees’ mobile phones rang. The employee picked up the call and began speaking with the attacker, who identified himself as a member of Coinbase corporate Information Technology (IT) and asked for the employee’s assistance.
The employee logged into their computer and started following the attacker’s instructions since they thought they were chatting to a real member of the Coinbase IT department.
“That began a back-and-forth between the attacker and an increasingly suspicious employee. As the conversation progressed, the requests got more and more suspicious,” said Coinbase.
