Crypto exchange Coinbase experienced a cybersecurity attack targeting its employees on Feb. 5. The attack came through SMS scams and involved impersonations of IT staff, according to a recent report from the company's engineering team. No customers' funds or information were impacted, the firm said.
As per the report, on a late Sunday several Coinbase employees received SMS messages requiring them to urgently log in via the link provided to access an important message. Acting in a good faith, one employee followed the exploiter' instructions:
The perpetrator then made repeated attempts to gain remote access to Coinbase's internal systems with the employee's username and password, but was unable to pass through the Multi-Factor Authentication (MFA) security measure.
After failing to authenticate and being automatically blocked, the exploiter contacted the employee by phone. According to the report, the attacker claimed to be Coinbase's IT department and asked the employee for assistance:
Coinbase's Computer Security Incident Response Team (CSIRT) was alerted about an unusual activity by its Security Incident and Event Management (SIEM) system. An incident responder reached out to the victim via the company's internal messaging system in response to the atypical behavior.
"Realizing something was seriously wrong, the employee terminated all communications with the attacker", said the report. According to Coinbase, its layered control environment protected customer funds and information, even though some of its personnel's information had been compromised.
The company believes the attack is associated with a sophisticated attack campaign that targeted many companies since last year, especially in the United States. Cybersecurity
Read more on cointelegraph.com