Don’t let smishing get you down! Learn how Coinbase employees were targeted by a persistent social engineering attack and how the company’s quick defence protected it from disaster.
Coinbase, one of the largest cryptocurrency exchanges in the world, has reported a cybersecurity incident that targeted its employees with an SMS phishing attack (Smishing) using persistent .
Coinbase has over 1,200 employees worldwide, and as of 2022, the exchange was home to more than 103 million verified users. This makes the company a lucrative target for small-time crooks and state-based hacking groups such as and others alike.
The Text Message
It all started on Sunday, February 5, 2023, when several employees received text messages asking them to use the link sent by the attacker for an urgent login. While all recipients ignored the text, one employee logged in with his/her username and password.
With the help of the employee’s login credentials, the attacker attempted to access Coinbase’s internal network. However, since the company had enabled multi-factor authentication () for employees, the attacker could not bypass the security feature and was unable to proceed further even after several attempts.
While the attacker was unsuccessful in accessing Coinbase’s system, a limited amount of data from the company’s directory was exposed, including names, email addresses, and phone numbers of a limited number of employees.
The Call
The second phase of the attack began with a phone call to the employee’s mobile phone, with the attacker claiming to be a member of Coinbase’s corporate Information Technology (IT) team.
Trusting that the caller was a legitimate IT staff member, the employee logged into their workstation and began following the attacker’s instructions. However, as the conversation progressed, the employee began to grow increasingly suspicious of the requests being made.
Thankfully, the employee’s suspicions were enough to prevent any damage from occurring. No funds were taken, and no customer information was accessed or viewed during the incident.
Based on the attacker’s modus operandi, Coinbase believes the incident was not an isolated one and is linked to a series of cyberattacks that have taken place recently, including , , , and others.
Coinbase has since released a urging all employees to remain vigilant against phishing attempts and other forms of cyber attacks. The company has emphasized the importance of verifying the identity of anyone who requests access to sensitive information or systems and has offered resources and training to help employees recognize and respond to potential threats.
This incident serves as a stark reminder of the ongoing threat posed by cybercriminals, and the need for individuals and organizations alike to remain vigilant against these attacks.
By staying informed and taking proactive measures to protect themselves and their information, individuals and businesses can help to minimize the risk of and other forms of cybercrime.
Coinbase’s swift response to the incident demonstrates the company’s commitment to the security and protection of its employees and customers. As the to grow and evolve, it is crucial that companies in the industry prioritize cybersecurity and take steps to ensure the safety and security of their operations.
