Coincheck Falls Victim To Data Breach, Halts Crypto Remittance

  • An unknown third party gained access to the platform’s domain registration service and send fraudulent emails to users.
  • Around 200 customers may have had their personal information leaked.

Illustration by Freepik

Japanese crypto exchange Coincheck has been the victim of a data breach after an attacker gained access to one of the platforms domain name accounts, the exchange said in an incident notice on 2 June.

According to the report, an unknown third party gained access to the platform’s domain registration service, Onamae.com, between 31 May and 1 June. During that time, the attacker sent “fraudulent” emails to the exchange’s customers, in an attempt to obtain their personal data. Though the motive for the attack remains unclear, it could be possible that the bad actor was phishing for Know Your Customer (KYC) verification details, in order to obtain access to the customers’ accounts.

The incident report reads:

“A third party who made unauthorized access (hereinafter, a third party) fraudulently sent some emails to our customers during the period from May 31 to June 1, 2020. It turned out that the domain name was in a state where it could be acquired.”

The data breach apparently affected around 200 customers, who sent replies to the e-mails from the attacker. Coincheck has also noted that personal information, such as full name, date of birth, phone number, registration address, and selfie ID’s may have been obtained by the bad actor. Though the exchange said that no funds were lost during the attack, it did suspend all crypto remittances until the investigation on how the attacker gained access to the domain account is complete.

The exchange said:

“Although there is no impact on your assets at this time, we will stop crypto remittance service again, considering the progress of the investigation by the domain registration service operator. Services such as depositing/withdrawing Japanese Yen and receiving/purchasing/selling crypto assets can be used as usual.”

This is not the first time the Japanese exchange has been the victim of an attack. In 2018, the exchange suffered a hack, which saw around $500 million being stolen from Coincheck’s digital wallets. The incident is considered to be the largest theft of cryptocurrency in history.

Discussion
Related Coverage
KuCoin Twitter Account Hacked, Exchange to Reimburse Losses
  • The Twitter account of the crypto exchange was compromised for roughly 45 minutes on Monday, resulting in 22 transactions connected to the hack.
  • KuCoin has calculated that the total asset losses were 22,638 USDT, and noted that it will fully reimburse users affected in the incident.
April 24, 2023, 8:59 AM
kucoin

Shutterstock

BonqDAO Exploited for $90M
  • A hacker was able to manipulate the price of the AllianceBlock token on BonqDAO, which allowed him to drain close to $90 million worth of crypto from the protocol.
  • Both platforms have paused their services, and are currently in the process of removing liquidity as to hinder the hacker’s ability to convert the stolen tokens.
North Korean Hackers Move 41,000 ETH Stolen From Harmony
  • North Korea’s Lazarus Group has moved around $63.5 million of crypto assets connected to the Harmony bridge hack over the weekend.
  • The hackers tried to move a portion of the funds through Binance and Huobi, but the exchanges were able to freeze their account and recover around 124 BTC.