By
Godfrey Benjamin
April 25th, 2024
Coinbase said its Computer Security Incident Response Team (CSIRT) quickly stepped into the situation.
Crypto company Coinbase (NASDAQ: COIN) confirmed a cybersecurity attack targeted at its employees. The company said it was briefly compromised by the so-called “0ktapus” hackers who struck many organizations in 2022. Some of the hackers’ victims are Twilio (NYSE: TWLO) and online food ordering company (DoorDash). Twilio revealed that the hackers gained access to customer data after deceiving employees into providing their corporate log-in details. DoorDash also linked its data breach experience to the same hackers that attacked Twilio. The food delivery giant said the malicious hackers gained access to customers’ names, e-mail addresses, phone numbers, and delivery addresses.
Apart from Twilio, Cloudflare, and DoorDash, the 0ktapus group targeted about 130 companies last year. The hacking team usually impersonates Okta log-in pages in an effort to hijack the employees’ details.
Following the multiple incidents last year, Coinbase has become the latest victim of the cybersecurity attack spree. The crypto company reported the event and said the “0ktapus” group attempted to gain entry to the company’s systems by stealing an employee’s log-in credentials. There are reports that the gang has intensified its acts and now has many tech and video games under its eagle eye.
Coinbase Experiences Cybersecurity Attack
Coinbase explained that the cybersecurity attack started on February 5 when many of its employees received SMS messages. The message content prompted them to log in via a provided link for an important message. Although many workers ignored the notification, an employee innocently followed the process by inputting their username and password, which gave the attacker access. Afterward, the hacker tried to access Coinbase’s internal systems but was successful because of the required Multi-Factor Authentication (MFA).
However, the attacker did not stop at that but went ahead to call the employee, claiming to be from Coinbase corporate Information Technology (IT). The staff member ignorantly heeded the caller’s instruction which resulted in the exposure of employee information.
“Fortunately no funds were taken and no customer information was accessed or viewed, but some limited contact information for our employees was taken, specifically employee names, e-mail addresses, and some phone numbers.”
In addition, Coinbase said its Computer Security Incident Response Team (CSIRT) quickly stepped into the situation. The company said its Security Incident and Event Management (SIEM) system called the Response’s attention to the unusual activity. According to a Coinbase spokesperson, “the threat actor was able to see, through a screen share, certain views of internal dashboards and accessed limited employee contact information”.
At pre-market trading, Coinbase stock is down 0.89% to $61.52. Apart from losing 10.48% in the last five days, the crypto company has been growing since the beginning of the year. It has added over 75% in its year-to-date record and popped 17.65% over the past month.