In this edition of Max’s Corner Max gets to the bottom of the recent attempt to hack Coinbase and what it means for the industry at large.
Towards the end of this past Spring, a number of people working for Coinbase started receiving emails from Gregory Harris, a research grants administrator from Cambridge University. Harris wanted Coinbase employees to help judge applicants competing for an Economics prize issued by the university. The first emails came in May and a few of the employees that received them responded, and corresponded with Harris about the prize over the course of the following two weeks.
At the start of June, software engineer Robert Heaton received an email from Harris asking for the same thing. The email read:
My name is Gregory Harris. I’m one of the Adam SmithPrize Organizers.
Each year we update the team of independent specialists who could assess the quality of the competing projects: http://people.ds.cam.ac.uk/grh37/awards/Adam_Smith_Prize
Our colleagues have recommended you as an experienced specialist in this field.
We need your assistance in evaluating several projects for Adam Smith Prize.
Looking forward to receiving your reply.
Best regards, Gregory Harris
In a blog post, Heaton says that he was initially flattered by the email. He is a young programmer who, while fairly accomplished for his age, has not really done anything meriting recognition from Cambridge University as an expert in his field. On some level, Heaton says, he felt that there had been a slip-up and the email had perhaps been sent to the wrong person.
Trying to put the pieces together, Heaton started with some basic security checks. The email he got was sent from a legitimate @cam.ac.uk email address. The link in the email read: http://people.ds.cam.ac.uk/grh37/awards/Adam_Smith_Prize. By appearance alone, the link checked out. It directs to the same ...