Cryptocurrency exchange Coinbase recently experienced a cyber attack in which attackers gained access to the company’s data. However, Coinbase claims that it caught the attack in time, preventing any loss of funds or customer information. The exchange has determined that the same group that targeted Twilio and Cloudflare is likely behind the attack.
According to Coinbase, the attackers sent SMS messages to several employees urging them to log in via a link within the message. One employee followed the instructions, inadvertently giving attackers their login credentials. The attackers then used these credentials to attempt remote access to the exchange’s systems. However, Coinbase’s cyber controls prevented the intrusion.
Coinbase’s Computer Security Incident Response Team (CSIRT) detected the unusual activity within 10 minutes and ended contact with the attackers. The company believes that the attackers behind the 0ktapus campaign are responsible for the breach, given the similarities in their social engineering tactics. The campaign targeted Twilio, Cloudflare, and other major companies last year, compromising nearly 10,000 accounts across 130 organizations.