Cryptocurrency data aggregator CoinGecko has confirmed a data breach suffered by its management platform
Cryptocurrency data aggregator CoinGecko has confirmed a data breach suffered by third-party email management platform GetResponse.
Following yesterday’s reports of a new wave of cryptocurrency scams, CoinGecko has confirmed that GetResponse suffered a data breach on June 5, allowing attackers to export the contact information of more than 1 .9 million CoinGecko users.
The security breach occurred due to the compromise of an employee’s account, according to a June 7 CoinGecko announcement:
“An attacker compromised a GetResponse employee’s account, resulting in a breach. We received confirmation from the GetResponse team on June 6, 2024, at 11:58 UTC that a data breach had occurred.
Compromised data includes usernames, email addresses, IP addresses, location of emails opened, and other metadata such as signup dates and subscription plans.
CoinGecko user accounts and passwords remain secure and uncompromised.
about: Cryptocurrency hacks will increase in 2024, but smart contracts are not to blame
More than 23,000 phishing emails have been sent so far
According to CoinGecko, even though its primary email domain was not compromised, the attacker was still able to send a total of 23,723 phishing emails.
“The attacker exported 1,916,596 contacts from CoinGecko’s GetResponse account and sent phishing emails to 23,723 emails from another GetResponse customer account (alj.associates).”
Phishing attacks involve hackers aiming to steal sensitive information such as the private keys of a cryptocurrency wallet. Other phishing attacks, known as address poisoning scams, aim to trick investors into voluntarily sending money to a fraudulent address that appears similar to addresses they have previously interacted with.
To protect against phishing emails, users should verify the authenticity of the email and ensure they have two-factor authentication (2FA) on cryptocurrency platforms, according to Hakan Unal, chief blockchain scientist at blockchain security company Cyvers. He told Cointelegraph:
“The immediate concern is the risks to those who may receive these compromised emails. To stay safe, users should verify the authenticity of these emails and enable multi-factor authentication on all cryptocurrency accounts.
about: Binance reinstates cryptocurrency purchases via Mastercard
Private key and data leaks remain the main cause of cryptocurrency hacks
Leaks of personal data and private keys have become the main culprits in cryptocurrency-related hacks, with exploiters targeting the lowest-hanging fruit rather than struggling to break into more complex protocols.
More than 55% of hacked digital assets were lost due to private key leaks in 2023, according to Merkle Science’s HackHub 2024 report.
Private key leaks remain the biggest vulnerability in the cryptocurrency space, according to Mriganka Patnaik, co-founder and CEO of cryptocurrency risk and intelligence platform Merkle Science. He told Cointelegraph:
“The biggest security problem today is the rapid increase in losses due to private key leaks… Hackers may be looking for easier targets that require less technical knowledge to exploit, such as theft of private keys.”
review: The celebrity price list for Caitlyn Jenner’s play ‘Mastermind’ has been leaked.