Coinbase revealed that its employees were targeted by sophisticated hack attacks leveraging two Firefox 0-day vulnerabilities, spear phishing, and social engineering.

The attacks started on June 17, where Coinbase’s employees received emails from Gregory Harris, a Research Grants Administrator at the University of Cambridge contained a web link that, when opened in Firefox, would install malware capable of taking over someone’s machine. The attacks were detected and blocked by Coinbase’s security team.

The attackers seems to be highly skilled and experienced in writing exploit codes as they used unpublished Firefox 0-days, they hacked two Cambridge university email accounts, created created a landing page with exploit code at the University of Cambridge official domain and they could bypass Coinbase spam filters.

Coinbase team reached out to Cambridge University to assist in securing their infrastructure and to collect more information about the attacker’s behavior.

Coinbase is a cryptocurrency exchange headquartered in San Francisco, California. Coinbase is considered to be the largest cryptocurrency exchange in USA.

It seems that some of Binance exchange’s KYC (Know Your Customer) documents have been hacked and leaked online including selfies of individuals holding up a piece of paper with the word Binance and the date the image was taken, there are literally thousands of KYC identities on a telegram group Find Your Binance KYC.

Some examples of the leaked documents were shared online by a Reddit user, faces and IDs censored for privacy of personal info.

Binances CEO tweeted right after the alleged data was shared online, asking users not to FUD.

Don't fall into the "KYC leak" FUD. We are investigating, will update shortly.

— CZ Binance (@cz_binance) August 7, 2019

Binance exchange issued a statement about the KYC leak stating that Binance was approached by unidentified individual who demanded 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data.

KYC means “Know Your Customer”. It is a process by which some cryptocurrency exchanges obtain information about the identity and address of the customers. This process helps to ensure that exchanges services are not misused. The KYC is required by large exchanges like Binance.

Clipsa is one of the most sophisticated pieces of cryptocurrency and financial malware out there. This malicious software is capable of stealing/replacing cryptocurrency keys, wallet.dat files, stealing bank account credentials, social security numbers and installing a CPU cryptocurrency miner XMRig in victims’ PCs.

Clipsa is one of the most sophisticated pieces of cryptocurrency malware out there. This malicious software is capable of stealing/replacing cryptocurrency keys, wallet.dat files, stealing locally saved passwords, social security numbers and installing a CPU cryptocurrency miner XMRig in victims’ PCs. Clipsa is also cable of launching bruteforce attacks against poorly configured wordpress websites.

Clipsa steals cryptocurrency by using information which is stored on a clipboard of the infected system. It simply replaces cryptocurrency wallet addresses that are saved in the clipboard with other addresses that are owned by people who spread the Clipsa password stealer. It aslo searches for cryptocurrency wallets “wallet.dat” fies and send it to the bad actors behind Clipsa.

According to a recent Avast anti-virus report, Clipsa highest infection rate is in India, Brazil and Philipines.

Because Clipsa installs XMRig CPU miner,PCs that are infected with Clipsa start working slower or do not respond at all. Having a miner installed on the operating system might also cause hardware overheat, unexpected system crashes and other problems. Typically, infected computers consume more power which leads to higher electricity bills.

Clipsa targets Windows based PCs and it’s being distrubuted through malicious codec pack installers for media players (Ultra XVid Codec Pack.exe or Installer_x86-x64_89006.exe).