Hacker hacked the profile of an engineer at one of the largest cryptocurrency exchanges via SMS

An unknown attacker has obtained personal data of one of the engineers of the Coinbase crypto exchange through a fake SMS. Representatives of the exchange reported this on their official website.

It is alleged that in the SMS messages, the attacker urged the victims to log in to their Coinbase account to read an «important message.» Most of the employees ignored this, but one of them did follow the link to the fake page.

When the exchange employee logged in to the fraudulent Coinbase account, his personal data fell into the hands of the attacker. However, the hacker was not able to gain access immediately, as it was necessary to pass two-factor authentication. To do this, the attacker went ahead and called the victim, introducing himself as a member of Coinbase’s IT security team.

Representatives of the exchange admitted that the attacker got hold of the Coinbase employee’s data, including email address, full name, and other contact information. The trading platform emphasized that customer funds are safe.

After the SNS attack on Coinbase, hackers got hold of only the victim’s personal data, while the platform lost $ 625 million due to the indiscretion of one of the developers of Axie Infinity. One of the Axie Infinity team members accidentally downloaded spyware, which allowed hackers to take control of 4 out of 9 validators. The North Korean hacker group Lazarus Group, which attacked the Ronin sidechain back in March, is suspected of stealing the funds.