From theregister.co.uk
Coinbase chief information security officer Philip Martin this week published an incident report covering the recent attack on the cryptocurrency exchange, revealing a phishing campaign of surprising sophistication.
The thwarted attack began with email messages on May 30 to more than a dozen Coinbase employees that appeared to be from Gregory Harris, a research grant administrator at the University of Cambridge in the UK.
At some point prior to that, the attackers – a group known to Coinbase as CRYPTO-3 or sometimes HYDSEVEN – compromised or created two email accounts at Cambridge. Two days before the initial emails went out, they registered a domain to deliver their exploit, Martin said.