Coinbase, the largest US cryptocurrency company, reported a “sophisticated, targeted, well-designed attack” that could allow hackers to gain access to its systems and funds for billions of dollars.

In mid-June, a sophisticated attack leveraging two Firefox 0-day vulnerabilities, spear phishing, and social engineering targeted our employees. Coinbase Security detected and blocked the attack. We talk about how it unfolded for the first time: https://t.co/4DIvmxjI9i pic.twitter.com/e03rU2lyX8

– Coinbase (@coinbase) August 8, 2019

So, on May 30, many Coinbase employees received a letter allegedly from the research grants administrator at Cambridge University, Gregory Harris, asking them to help with the evaluation of projects applying for a grant.

It is noteworthy that the letter was sent from the official Cambridge domain, passed spam checking and did not contain any malicious elements.

Over the next few weeks, Coinbase employees received several more similar emails. Nevertheless, on June 17, another letter was sent on behalf of Gregory Harris – this time it contained a URL that, when opened in Firefox, installed malware that could seize the recipient’s device.

Coinbase's security system detected and blocked the attack for several hours. At the same time, the company's specialists emphasize that it was carefully thought out and organized.

So, the attackers identified in advance the operating system and browser that the alleged victims used on their computers. Then, Coinbase employees, whose devices were running on macOS, received an “error” message and a proposal to install the Firefox browser. It is noted that attackers used two zero-day vulnerabilities in Firefox at once.

In addition, they managed to create two email accounts and develop a landing page for the University of Cambridge.

After detecting the problem, the Coinbase team contacted the Firefox developers, sharing data on the vulnerabilities used in the attack, and also contacted the University of Cambridge.

“The crypto industry should expect continued attacks of this level of complexity, and therefore it is necessary to create an infrastructure with a defensive position and work together to exchange information about the attacks. This way we will be able to protect ourselves and our customers, support the cryptoeconomics and build an open financial system for the future, ” summed up at Coinbase.

Recall who and why breaks into digital systems, including in the cryptocurrency industry, there is a separate material on BlockchainJournal.

Subscribe to BlockchainJournal news on Telegram: BlockchainJournal Feed – the entire news feed, BlockchainJournal – the most important news and polls.