Coinbase, the US cryptocurrency exchange, commented on “a sophisticated, highly targeted, thought out” hacker attack that took place several months ago.
According to a company spokesman, criminals could gain access to trading floor systems and funds worth billions of US dollars. Hackers used a combination of methods trying to trick staff and gain access to vital platform systems.
On May 30, exchange employees received a fake letter from the research grants administrator at Cambridge University asking them to help evaluate the projects that are eligible for the award. The message was sent from an official domain, did not get into spam and did not contain viruses.
Then the company received several similar letters with one of them to contain a malawre URL. Once it was opened in Firefox, it could seize the recipient’s device. The company's security system discovered the problem and resolved it in a few hours. Coinbase called the attack extremely thoughtful and organized.
The criminals found out in advance which operating system and browser were used by the employees. At the same time, MacOS users received an “error” message and were prompted to install Firefox. Criminals used two vulnerabilities of this browser to conduct an attack. They also created a fake Cambridge University page and created fake email accounts.
After detecting a hacker attack, Coinbase representatives contacted Firefox and the educational institution. The company emphasized that with the development of the digital money industry one can expect the development of such attacks and it is necessary to prepare for them.