Spear Phishing Attack
The attack lured visitors to a web page that, if they were using Firefox, would download and run an information-stealer program on their systems to collect and exfiltrate browser passwords and other data. If it had been successful, the hacker could have gained access to the Coinbase backend network, which they could have used to steal funds from the exchange. This method is thought to have been behind a number of cryptocurrency exchange hacks in the past. In the case of Coinbase, the two Firefox bugs, which were chained into a single exploit, were delivered via a spear-phishing email that alert members of staff reported, thus preventing the attack. Phishing is a very common method employed by cyber criminals, and sometimes only the most keen-eyed users are able to recognize that something is wrong.
Vigilance is Key
Once the exploit was identified, Martin told ZDNet.com, his team went to work:
"We walked back the entire attack, recovered and reported the 0-day to Firefox, pulled apart the malware and [infrastructure] used in the attack, and are working with various orgs to continue burning down [the] attacker’s infrastructure and digging into the attacker involved."
Martin added that the group behind this attempt was the same group behind other attacks against exchanges, and that they were working to inform other organizations of the threat. Mozilla has since issued a patch for the exploit, which Firefox users should download immediately. The incident highlights once again that vigilance and anticipation of an attack are the best weapons against such activity.