Hackers Send Spoofed Coinbase Emails to Gather Users’ Credentials and Steal Cryptocurrency in Real Time: PIXM

Researchers at PIXM have revealed their latest observations of a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Hackers are sending out spoofed Coinbase emails to harvest personal credentials and use them to log in to users’ legitimate Coinbase accounts in real time.

How it works: Hackers present users with a notification that their account needs attention due to an urgent matter (e.g., a locked account or a transaction confirmation). Users are prompted to enter their login credentials and a two-factor authentication code into the fake website. With the newly obtained personal information, the attacker immediately gains access to users’ legitimate sessions on the Coinbase website. This attack is centered on three core techniques and is patently different from other phishing attacks tracked by PIXM in that its domains stay alive for extremely short periods of time:

  • Short Lived Domains
  • Context Awareness
  • 2-Factor Relay

You can get more details on this phishing campaign here.
