Coinbase revealed that its employees were targeted by sophisticated hack attacks leveraging two Firefox 0-day vulnerabilities, spear phishing, and social engineering.
The attacks started on June 17, where Coinbase’s employees received emails from Gregory Harris, a Research Grants Administrator at the University of Cambridge contained a web link that, when opened in Firefox, would install malware capable of taking over someone’s machine. The attacks were detected and blocked by Coinbase’s security team.
The attackers seems to be highly skilled and experienced in writing exploit codes as they used unpublished Firefox 0-days, they hacked two Cambridge university email accounts, created created a landing page with exploit code at the University of Cambridge official domain and they could bypass Coinbase spam filters.
Coinbase team reached out to Cambridge University to assist in securing their infrastructure and to collect more information about the attacker’s behavior.
Coinbase is a cryptocurrency exchange headquartered in San Francisco, California. Coinbase is considered to be the largest cryptocurrency exchange in USA.
