Coincheck Falls Victim To Data Breach, Halts Crypto Remittance

  • An unknown third party gained access to the platform’s domain registration service and send fraudulent emails to users.
  • Around 200 customers may have had their personal information leaked.

Illustration by Freepik

Japanese crypto exchange Coincheck has been the victim of a data breach after an attacker gained access to one of the platforms domain name accounts, the exchange said in an incident notice on 2 June.

According to the report, an unknown third party gained access to the platform’s domain registration service, Onamae.com, between 31 May and 1 June. During that time, the attacker sent “fraudulent” emails to the exchange’s customers, in an attempt to obtain their personal data. Though the motive for the attack remains unclear, it could be possible that the bad actor was phishing for Know Your Customer (KYC) verification details, in order to obtain access to the customers’ accounts.

The incident report reads:

“A third party who made unauthorized access (hereinafter, a third party) fraudulently sent some emails to our customers during the period from May 31 to June 1, 2020. It turned out that the domain name was in a state where it could be acquired.”

The data breach apparently affected around 200 customers, who sent replies to the e-mails from the attacker. Coincheck has also noted that personal information, such as full name, date of birth, phone number, registration address, and selfie ID’s may have been obtained by the bad actor. Though the exchange said that no funds were lost during the attack, it did suspend all crypto remittances until the investigation on how the attacker gained access to the domain account is complete.

The exchange said:

“Although there is no impact on your assets at this time, we will stop crypto remittance service again, considering the progress of the investigation by the domain registration service operator. Services such as depositing/withdrawing Japanese Yen and receiving/purchasing/selling crypto assets can be used as usual.”

This is not the first time the Japanese exchange has been the victim of an attack. In 2018, the exchange suffered a hack, which saw around $500 million being stolen from Coincheck’s digital wallets. The incident is considered to be the largest theft of cryptocurrency in history.

Discussion
Related Coverage
Nomad Token Bridge Suffers $190M Security Exploit
  • Hundreds of addresses were involved in the $190 million exploit, and Nomad believes that at least some of them were white hat hackers.
  • Researcher for Paradigm has speculated that the exploit was caused by a recent update to one of Nomad’s smart contracts.
August 2, 2022, 9:19 AM
lock

Shutterstock

Flash Loan Exploit Drains Liquidity From Nirvana Finance
  • Hacker used a flash loan attack to manipulate and drain Nirvana’s liquidity pools, causing the protocol to lose $3.49 million in digital assets.
  • Shortly after the attack, which used a flash loan from Solend, both Nirvana’s native token ANA and NIRV stablecoin fell in price by over 80%.
Harmony Makes $100M Hack Reimbursement Proposal
  • Instead of using treasury funds, Harmony has proposed to make a 100% reimbursement by minting 4.97 billion ONE tokens, or a 50% one with 2.48 billion tokens.
  • Both proposals were made based on the current price of the ONE token, meaning users will receive the same amount of tokens regardless of future price changes.