Newly published details provide a detailed look at a well-orchestrated and well-funded attack on the crypto currency exchange Coinbase. Several employees back in May received an email from Gregory Harris, an administrator at the University of Cambridge requesting the assistance of the recipients. Nothing about the email appeared alarming. On June 17, the attacker sent another email. This one was malicious– it contained a URL that once opened in Firefox would install malware that could take over the user’s computer.
The attacker was after access to Coinbase’s back-end network in an attempt to steal some of the billions of dollars’ worth of crypto currency stored there. The Coinbase team was able to thwart the attack, but it really raised awareness for just how sophisticated and advanced hackers have become. “These were sophisticated professionals operating on a big budget,” says Philip Martin, Chief Information Security Officer for Coinbase. “That’s evident in that they exploited two separate previously unknown bugs—also known as “zero-day” vulnerabilities—in Mozilla’s Firefox browser. Browser zero-days in general are not cheap and exploiting them requires highly skilled hackers.” Mozilla has since issued patches for both of them.
Martin’s team believes a shadow group called HYDSEVEN may be to blame. They’ve been responsible for several assaults on crypto exchanges since 2016. The group has also been tied to attacks in Japan and Poland.
Martin estimates that launching the attack cost the attackers between half a million and a million dollars. The attackers used compromised academic emails over the course of several weeks, personalized their messages, and even created LinkedIn profiles for their fake identities. “As this space continues to grow and develop and gain traction, it’s also going to gain traction with more and more sophisticated attackers,” said Martin. “Attacks like this show that crypto currency companies must be prepared to fend off highly skilled attackers who may exploit previously unknown vulnerabilities.”