Ethereum
$190.82 0.97%
ETH · 2w

An attempted heist at Coinbase was scary good, even though it failed. Details of a recent attack on the popular crypto exchange reflect capabilities on par with those of nation-state-sponsored attackers.

When more than a dozen Coinbase employees got an email in May from an administrator at the University of Cambridge in the UK, nothing about the message raised any red flags. Someone named Gregory Harris, who said he was a “research grants administrator” at the university, told the recipients he needed their help judging contestants for an economics prize. 

Some of the employees exchanged additional emails with this account during the next two weeks; still nothing amiss. Little did they know that this was all part of a devious scheme.

Sign up for the Chain Letter — blockchains, cryptocurrencies, and why they matter

Whoever was really behind this account was playing a long game, aiming to gain access to Coinbase’s back-end network and steal some of the billions of dollars’ worth of cryptocurrency the company stores on behalf of its users. On June 17, the attacker sent another email. This time it contained a URL that, if opened in the Firefox browser, would install malware that could take over the user’s computer. According to Coinbase’s security team, it was part of a “sophisticated, highly targeted” attack. 

Newly published details provide a rare look at the anatomy of an attack on a cryptocurrency exchange. The Coinbase team managed to detect and block the attack before any funds were stolen, but in the process the defenders discovered they were up against an extremely adept foe.

What was unique about the attack, says Philip Martin, the company’s chief information security officer, was its sheer cost and the unusually high level of effort behind it. “It really underscores for me how seriously the attackers are taking the [cryptocurrency] space,” he says.

These were sophisticated professionals operating on a big budget, says Martin. That’s evident in that they exploited two separate previously unknown bugs—also known as “zero-day” vulnerabilities—in Mozilla’s Firefox browser. It’s not known if the attackers in this case discover...

Continue on technologyreview.com
Recent news
ETH +0.97% · twitter.com · 2h

Michael Gan Cooking New Project?

The 5th Spotlight project is successfully launched, KCS is back to Top 50 on CMC, and there will be one more thing...👀— Michael Gan (@gan_chun) August 24, 2019
ETH +0.97% · hedgetrade.com · 7h

Crypto Index Funds Beginner's Guide

There are many questions to ask when introducing yourself to crypto index funds. Get all the answers plus a review of today's top crytpo index funds.
ETH +0.97% · media.consensys.net · 8h

The State of Stablecoins, 2019

2019 has proven a huge year for the development of stablecoins and decentralized finance, particularly in regards to projects built on the Ethereum blockchain. An excellent and thorough report by…
ETH +0.97% · blog.district0x.io · 21h

The District Weekly — August 24th, 2019

This past week the district0x team published our bi-weekly dev update. One of the Meme Factory updates passed in beta testing was the ability to store vote secrets. Essentially when a vote is cast…