Coinbase Was A Target Of A Highly Sophisticated Attack: CEO Claims

Coinbase was a target of a highly sophisticated and thought out attack that intended to access the systems and presumably to get a hold of the billions of dollar worth of crypto stored on the platform. In the latest cryptocurrency news today we will read some more information about the claims of the Coinbase’s CEO.

In a blog post on August 8^th, there is an explanation in technical detail how the plot unfolded and how the exchange countered the attempted hack. Coinbase noted that the hackers used a combination of methods to try and harm the exchange and access the vital systems including methods such as social engineering, zero-day exploits, and spear phishing. The attack started back on May 30 with many of the staff being sent emails that were reportedly from Gregory Harris who is the research Grants Administrator at the Cambridge University. The emails included the employee’s past histories and requested help into judging projects that are competing for an award. Coinbase stated:

 “This email came from the legitimate Cambridge domain, contained no malicious elements, passed spam detection, and referenced the backgrounds of the recipients. Over the next couple weeks, similar emails were received. Nothing seemed amiss.”

The attackers developed an email conversation with a couple of staffers but never sent any malicious code until June 17 when ‘’Harris’’ sent another email with a URL inside that opened only in Firefox which would later install malware capable of taking over’s someone’s system. Coinbase noted that in a matter of hours, Coinbase was a target that could have made great damage but luckily the Security of the platform detected and blocked the attack.

The first stage of attack according to the blog post identified the OS and browser on the victims’ machines with an error showing up to the screen to users who don’t have the Firefox installed and urging them to install the latest version. Once the victim visited the Firefox, the code was exploited and delivered from a different domain and this is how the attack was identified. According to the platform, there had been two different Firefox zero-day exploits in the attack as we can read in the altcoin news earlier:

‘’One that allowed an attacker to escalate privileges from JavaScript on a page to the browser (CVE-2019–11707) and one that allowed the attacker to escape the browser sandbox and execute code on the host computer (CVE-2019–11708).”