Philip Martin, Chief Information Security Officer at Coinbase, recently spoke about a hacking attempt that the exchange successfully fended off.
According to Coinbase, the highly sophisticated attack began on 30 May, when a dozen Coinbase employees received an email from a certain Gregory Harris, who was supposedly a Research Grants Administrator at Cambridge University. The initial email contained no malicious content and appeared harmless. It also came from a legitimate Cambridge domain address. Certain employees exchanged emails with this address, and matters took a turn for the worse on the 17th of June.
On 17 June, an email laced with malicious code was sent to Coinbase. It contained a URL that would automatically install malware on the system, and that malware was capable of taking over the machine. At this point, Coinbase realized that it was dealing with a “unique” attack that involved spear-phishing/social engineering tactics and two Firefox 0-day vulnerabilities.
The blog went on to say,
“The attackers did a good job of creating a sense that the victims were talking to legitimate people using several techniques. Compromised academic emails allowed them to avoid any email filtering or common spam detection, and by spreading the communication out, the attackers modeled normal human behavior.”
However, Coinbase’s response team acted quickly on the matter, and the exchange was able to defend its funds after successfully patching both exploits.
In the aftermath of the attack, Martin made a keen observation. He stated,
“What was unique about the attack was its sheer cost and the unusually high level of effort behind it. It really underscores for me how seriously the attackers are taking the [cryptocurrency] space.”