Anatomy of an attack: How Coinbase was targeted with emails booby-trapped with Firefox zero-days


Security of cryptocurrency

Coinbase chief information security officer Philip Martin this week published an incident report covering the recent attack on the cryptocurrency exchange, revealing a phishing campaign of surprising sophistication.

The thwarted attack began with email messages on May 30 to more than a dozen Coinbase employees that appeared to be from Gregory Harris, a research grant administrator at the University of Cambridge in the UK.

At some point prior to that, the attackers – a group known to Coinbase as CRYPTO-3 or sometimes HYDSEVEN – compromised or created two email accounts at Cambridge. Two days before the initial emails went out, they registered a domain to deliver their exploit, Martin said.

Read more…