Illustration by Freepik
Japanese crypto exchange Coincheck has been the victim of a data breach after an attacker gained access to one of the platforms domain name accounts, the exchange said in an incident notice on 2 June.
According to the report, an unknown third party gained access to the platform’s domain registration service, Onamae.com, between 31 May and 1 June. During that time, the attacker sent “fraudulent” emails to the exchange’s customers, in an attempt to obtain their personal data. Though the motive for the attack remains unclear, it could be possible that the bad actor was phishing for Know Your Customer (KYC) verification details, in order to obtain access to the customers’ accounts.
The incident report reads:
“A third party who made unauthorized access (hereinafter, a third party) fraudulently sent some emails to our customers during the period from May 31 to June 1, 2020. It turned out that the domain name was in a state where it could be acquired.”
The data breach apparently affected around 200 customers, who sent replies to the e-mails from the attacker. Coincheck has also noted that personal information, such as full name, date of birth, phone number, registration address, and selfie ID’s may have been obtained by the bad actor. Though the exchange said that no funds were lost during the attack, it did suspend all crypto remittances until the investigation on how the attacker gained access to the domain account is complete.
The exchange said:
“Although there is no impact on your assets at this time, we will stop crypto remittance service again, considering the progress of the investigation by the domain registration service operator. Services such as depositing/withdrawing Japanese Yen and receiving/purchasing/selling crypto assets can be used as usual.”
This is not the first time the Japanese exchange has been the victim of an attack. In 2018, the exchange suffered a hack, which saw around $500 million being stolen from Coincheck’s digital wallets. The incident is considered to be the largest theft of cryptocurrency in history.