One of the support managers of the Kuna cryptocurrency exchange was the victim of a phishing attack. As a result, all the money was stolen from his personal accounts on the Binance and Hotbit exchanges, as well as personal correspondence on Telegram was merged. This was announced by the founder of the Kuna exchange, Mikhail Chobanyan.
According to him, hackers have developed a clear vector of attack on cryptocurrency projects.
“Just a couple of days ago, I received a message from a junior support with a link and text approximately like this:“ I need to collect additional information on the exchange for the CryptoCompare cryptocurrency project, I don’t have enough rights, go to this link and enter some code. ” It immediately became clear to me that this was not my employee. At the same time, I found out that other top managers of the Kuna exchange received a similar message. We raised the alarm, ”said Mikhail Chobanyan.
As the Kuna security service found out, the link runs a malicious script designed specifically for Mac computers. It gives attackers full access to the victim’s computer, open tabs, and also provides the ability to act on her behalf.
Thus, hackers gained access to the correspondence of a Kuna employee with other colleagues on Telegram, as well as a total of about 1 BTC from the Binance and Hotbit exchanges.
“The attackers used the support manager account to reach me, get full access to the exchange, and probably wanted to steal money, ” suggests Mikhail Chobanyan. “ Nevertheless, before the security system worked, the only thing the attackers had was to see the latest deposits in open tabs, and they received nothing except email, hash, amount and time of the transaction.”
In connection with the incident, the founder of Kuna gave users recommendations:
- in no case do not open obscure links;
- double-check the addressee who sent you the message: did you know him, did he write to you from this account;
- since the attack is through Telegram, set two-factor authentication and a complex password. To install 2FA, you can use the applications Authy, Google Authenticator, LastPass Password Manager;
- Check active sessions in Telegram. If you see devices on which the messenger has not been installed, disconnect these sessions;
- If you use cryptocurrency exchanges, do not be too lazy to create a separate email for each site.
Earlier, the US cryptocurrency company Coinbase reported a similar attack that could allow hackers to gain access to its systems and funds for billions of dollars. Employees of the company also received letters with a link, upon opening of which malware was installed in the Firefox browser, which could seize the recipient's device.
Subscribe to BlockchainJournal news on Facebook !
BlockchainJournal.news
BlockchainJournal.news
