CoinGecko Confirms Data Breach of Email Providers Over 23,000 Phishing Emails Sent
Cryptocurrency data aggregator CoinGecko has confirmed a data breach suffered by third-party email management platform GetResponse.
Following yesterday's reports of a new wave of crypto airdrop scams, CoinGecko confirmed that GetResponse suffered a data breach on June 5, which allowed attackers to export the contact information of more than 1.9 million CoinGecko users.
According to CoinGecko's June 7 announcement, the security breach was caused by a compromised employee account:
“An attacker compromised a GetResponse employee account, leading to a breach. We received confirmation from the GetResponse team that a data breach occurred on June 6, 2024 at 11:58 AM UTC.
The hacked data includes users' names, email addresses, IP addresses, email addresses and other metadata such as subscription dates and subscription plans.
CoinGecko user accounts and passwords remain secure and unorganized.
Related: Crypto Hacks Will Increase in 2024, But Smart Contracts Are Not Responsible
More than 23,000 phishing emails have been sent so far.
According to CoinGecko, even though their original email domain was intact, the attacker still managed to send a total of 23,723 phishing emails.
The attacker sent 1,916,596 contacts out of the CoinGecko GetResponse account and sent phishing emails to 23,723 emails from another GetResponse customer account (alj.associates).
Phishing attacks involve hackers aiming to steal sensitive information such as crypto wallet private keys. Other phishing attacks, known as address poisoning scams, aim to get investors to voluntarily send their funds to fraudulent addresses that are similar to addresses they have interacted with in the past.
To protect against phishing emails, users should double-check the authenticity of the email and make sure they have two-factor authentication (2FA) on crypto platforms, said Hakan Unal, senior blockchain scientist at chain security firm Syvers. He told Cointelegraph.
“The immediate concern is the risk to individuals who may have access to these hacked emails. To stay safe, users should verify the authenticity of these emails and enable multi-factor authentication on all crypto accounts.
Related: Binance restores crypto purchases with MasterCard
Private key and data leaks remain the biggest reason behind crypto hacks.
Private key and private data leaks have become the biggest reason behind cryptocurrency-related data breaches. Instead of struggling to break the most complex protocols, exploiters are targeting the low-hanging fruit.
More than 55% of hacked digital assets will be lost through private key breaches by 2023, according to the Merkel Science 2024 HackHub report.
According to Mirganka Patnaik, founder and CEO of crypto threat and intelligence platform Merck Science, private key leaks are the biggest vulnerability in the crypto space. He told Cointelegraph.
“The biggest security threat today is the increasing rate of losses due to private key breaches… Hackers may look for easier targets that require less technical expertise, such as stealing private keys.”
Magazine: Caitlyn Jenner Meme Coins ‘Mastermind' Celebrity Price List Released
