Ethereum
$143.38 0.30%
ETH · 18w

An attempted heist at Coinbase was scary good, even though it failed. Details of a recent attack on the popular crypto exchange reflect capabilities on par with those of nation-state-sponsored attackers.

When more than a dozen Coinbase employees got an email in May from an administrator at the University of Cambridge in the UK, nothing about the message raised any red flags. Someone named Gregory Harris, who said he was a “research grants administrator” at the university, told the recipients he needed their help judging contestants for an economics prize. 

Some of the employees exchanged additional emails with this account during the next two weeks; still nothing amiss. Little did they know that this was all part of a devious scheme.

Sign up for the Chain Letter — blockchains, cryptocurrencies, and why they matter

Whoever was really behind this account was playing a long game, aiming to gain access to Coinbase’s back-end network and steal some of the billions of dollars’ worth of cryptocurrency the company stores on behalf of its users. On June 17, the attacker sent another email. This time it contained a URL that, if opened in the Firefox browser, would install malware that could take over the user’s computer. According to Coinbase’s security team, it was part of a “sophisticated, highly targeted” attack. 

Newly published details provide a rare look at the anatomy of an attack on a cryptocurrency exchange. The Coinbase team managed to detect and block the attack before any funds were stolen, but in the process the defenders discovered they were up against an extremely adept foe.

What was unique about the attack, says Philip Martin, the company’s chief information security officer, was its sheer cost and the unusually high level of effort behind it. “It really underscores for me how seriously the attackers are taking the [cryptocurrency] space,” he says.

These were sophisticated professionals operating on a big budget, says Martin. That’s evident in that they exploited two separate previously unknown bugs—also known as “zero-day” vulnerabilities—in Mozilla’s Firefox browser. It’s not known if the attackers in this case discover...

Continue on technologyreview.com
Recent news
ETH +0.30% · etsy.com · 1h

Banana Art T-Shirt is selling on Etsy Already

Funny New Banana Duct Tape Art Tee This t-shirt is everything youve dreamed of and more. It feels soft and lightweight, with the right amount of stretch. Its comfortable and flattering for both men an...
ETH +0.30% · news.bitcoin.com · 6h

Indian Lawmaker Says 'Cryptocurrency Is Inevitable'

Indian Parliament member Dr. Subramanian Swamy has shared his view on cryptocurrency. Advocating for India to make the transition to crypto, he reportedly said, "cryptocurrency is inevitable." The law...