Illustration shows a representation of cryptocurrency and Coinbase logo
Reuters

KEY POINTS

  • No customer funds or customer information was affected in the incident, the company claimed
  • A limited amount of data from the corporate directory, however, was exposed to the hacker
  • The company believes the recent attack is part of an attack campaign targeting several companies

Cryptocurrency exchange company Coinbase has confirmed that an SMS phishing attack targeted one of its employees using persistent social engineering tactics.

The company, however, clarified that no customer funds or customer information was affected in the incident.

"Coinbase recently experienced a cybersecurity attack that targeted one of its employees," Coinbase Chief Information Security Officer Jeff Lunglhofer said in a post published Friday.

"Fortunately, Coinbase's cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information."

Lunglhofer added that only a "limited amount of data from our corporate directory" was exposed to the hackers, including the names, email addresses and phone numbers of a limited number of employees.

The officer said that last Feb. 5, the attacker sent several text messages to Coinbase employees, asking them to use the link sent for an urgent login. While most recipients ignored the text, one employee logged in with their username and password, believing the message was legitimate and important.

"The attacker, equipped with a legitimate Coinbase employee username and password, made repeated attempts to gain remote access to Coinbase. Fortunately, our cyber controls were ready," Coinbase said.

The company reportedly had a multi-factor authentication (MFA) for employees, which the attacker failed to bypass.

Not giving up, the attacker reportedly rang the employee, saying he was from Coinbase Information Technology (IT). Since the employee allegedly believed that the attacker was a legitimate staff, the employee followed the attacker's instructions.

The attacker's requests raised the suspicion of the company's Computer Security Incident Response Team (CSIRT), which then reached out to the victim via the company's internal messaging system.

"Realizing something was seriously wrong, the employee terminated all communications with the attacker," Coinbase said.

Coinbase, which has over 1,200 employees worldwide and over 103 million verified users, has been the target of hacking groups and individuals.

In 2021, hackers stole from at least 6,000 customers of Coinbase Global Inc, according to a Reuters report.

Attackers reportedly used the company's SMS account recovery process to access the accounts and transfer funds to crypto wallets not associated with Coinbase.

The company said the recent attack could be a part of a "highly persistent and sophisticated attack campaign" targeting other companies like Cloudflare since last year.

People watch as the logo for Coinbase Global Inc, the biggest U.S. cryptocurrency exchange, is displayed on the Nasdaq MarketSite jumbotron at Times Square in New York, U.S., April 14, 2021.
People watch as the logo for Coinbase Global Inc, the biggest U.S. cryptocurrency exchange, is displayed on the Nasdaq MarketSite jumbotron at Times Square in New York, U.S., April 14, 2021. Reuters / Shannon Stapleton