Coinbase explained in a blog post how the attempted attack happened. On May 30, a dozen of employees from Coinbase received emails from someone called ‘Gregory Harris’ posing as a Research Grant Administrator and came from a legitimate Cambridge domain.
The email didn’t have any kind of malware or malicious objects and wasn’t classified as spam either. These emails were sent on the following weeks too and eventually an email on June 17, sent by Gregory Harris contained an URL that would open Firefox and install malware.
Coinbase also explained how the attackers had to take over the two email accounts from the University of Cambridge and registered the domain to deliver the emails. The first few emails were innocuous, trying to gain the trust of Coinbase employees, the content of the email was about the ‘Adam Smith Prize’ and was asking for assistance in evaluating several projects.
Coinbase was able to stop the attack by detecting it early and thanks to their ability to revoke access.
This attack reminds cryptocurrency users once again of the possible risks of holding coins in exchanges. This year alone almost 10 exchange security breaches happened.