Coincheck Falls Victim To Data Breach, Halts Crypto Remittance

  • An unknown third party gained access to the platform’s domain registration service and send fraudulent emails to users.
  • Around 200 customers may have had their personal information leaked.

Illustration by Freepik

Japanese crypto exchange Coincheck has been the victim of a data breach after an attacker gained access to one of the platforms domain name accounts, the exchange said in an incident notice on 2 June.

According to the report, an unknown third party gained access to the platform’s domain registration service, Onamae.com, between 31 May and 1 June. During that time, the attacker sent “fraudulent” emails to the exchange’s customers, in an attempt to obtain their personal data. Though the motive for the attack remains unclear, it could be possible that the bad actor was phishing for Know Your Customer (KYC) verification details, in order to obtain access to the customers’ accounts.

The incident report reads:

“A third party who made unauthorized access (hereinafter, a third party) fraudulently sent some emails to our customers during the period from May 31 to June 1, 2020. It turned out that the domain name was in a state where it could be acquired.”

The data breach apparently affected around 200 customers, who sent replies to the e-mails from the attacker. Coincheck has also noted that personal information, such as full name, date of birth, phone number, registration address, and selfie ID’s may have been obtained by the bad actor. Though the exchange said that no funds were lost during the attack, it did suspend all crypto remittances until the investigation on how the attacker gained access to the domain account is complete.

The exchange said:

“Although there is no impact on your assets at this time, we will stop crypto remittance service again, considering the progress of the investigation by the domain registration service operator. Services such as depositing/withdrawing Japanese Yen and receiving/purchasing/selling crypto assets can be used as usual.”

This is not the first time the Japanese exchange has been the victim of an attack. In 2018, the exchange suffered a hack, which saw around $500 million being stolen from Coincheck’s digital wallets. The incident is considered to be the largest theft of cryptocurrency in history.

Discussion
Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM
unlock

Shutterstock

Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Kroll Data Breach Compromises FTX, BlockFi Customer Information
  • A cyber security incident at bankruptcy service provider Kroll has resulted in the exposure of “non-sensitive” customer data for claimants involved in the FTX and BlockFi cases.
  • Both companies confirmed that account passwords, systems, and funds remained safe, but warned customers to be on the lookout for phishing scams.