Coinbase Fends off Cyber Attack Against Employees

Reading Time: 2 minutes

The recent bug in the Firefox browser that threatened to compromise users via a JavaScript exploit was used in an attack against Coinbase employees, the firm has revealed. Philip Martin, a member of the Coinbase security team which reported the attacks to Mozilla, has revealed that the attack used not one but two Firefox zero-day exploits which targeted employees rather than users as was first thought.

Spear Phishing Attack

The attack involved luring visitors to a certain web page which, if they were using Firefox, would download and run an information-stealer program on their systems that would collect and exfiltrate browser passwords and other data. If it had been successful, the hacker could have gained access to the Coinbase backend network which they could have used to steal funds from the exchange. This process is thought to have been behind a number of cryptocurrency exchange hacks in the past. In the case of Coinbase, the two Firefox bugs, which were chained into one single exploit, came via a spear-phishing email which was reported by alert members of staff, thus preventing the attack. Phishing is a very common method employed by cyber criminals, with sometimes only the most keen-eyed users able to recognize that something is wrong.

Vigilance is Key

Once the exploit was identified, Martin told, his team went to work:

We walked back the entire attack, recovered and reported the 0-day to Firefox, pulled apart the malware and [infrastructure] used in the attack, and are working with various orgs to continue burning down [the] attacker’s infrastructure and digging into the attacker involved.

Martin added that the group behind this attempt was the same group behind other attacks against exchanges, and that they were working to inform other organizations of the threat. Mozilla has since issued a patch for the exploit, which Firefox users should download immediately, while the incident highlights once again that vigilance and anticipation of an attack are the best weapons against such activity.