Coinbase recently thwarted a very clever hacking attempt by cyber criminals. The planning and sophistication of the attack against this major cryptocurrency exchange was impressive. The attackers were careful, well-funded, technically savvy, and unexpectedly patient. They laid a foundation of trust by socially engineering people over an extended period of time before attempting to exploit two 0-Day vulnerabilities. Those don’t come cheap. They used compromised academic email accounts to bypass detection and built credibility with their targets over the course of many messages before sending a malicious link that directed victims to a custom browser exploit.
This took planning and preparation. They obviously did research to identify proper candidates, connected with them on a platform and subject that held a high potential of engagement. Attackers even knew the type of web browser the intended victims were using on their systems. Gaining such insights takes dedication and organization.
These are very smart tactics and not indicative behavior of typical cyber criminals who are impatient. This has the hallmarks of a professional team. Glad to hear that the compromise was detected and isolated before the next phase of the attack could take place.
This attack is another example of how the crypto community is currently in the sights of organized and top-tier cyber criminals. Recently there was the $40 million hack of Binance and I predict we will see more of these attacks by the end of the year. I would not be surprised if several are successful to the tune of tens-of-millions of dollars each.