CoinMarketCap acknowledges data breach of 3.1 million users

CoinMarketCap (CMC), a popular crypto-tracker, has confirmed that it recently suffered a data breach which exposed the PII of three million of its users. The crypto-tracker boasts a global customer base and has a visitation rate of 270 million per month on average, with the majority of visitors coming from the US, India and Japan.

Reportedly, the email addresses of 3,117,548 CMC users were illegally obtained in the data breach and uploaded to several hacking forums by October 12th, where they were being actively traded between parties on the dark web.   

CMC made a statement that they had “become aware that batches of data have shown up online purporting to be a list of user accounts” and had “found a correlation with our subscriber base”. The company also stated they are “actively investigating this issue and will update our subscribers as soon as we have any new information”. However, as of yet, they had “not found any evidence of a data leak from our own servers”.

Currently, the identity of the threat actors responsible for the data breach and the attack vector they leveraged to gain access to the data of millions of customers remain unknown.

Source of leak 

However, there is still debate over how the threat actors managed to acquire the data. While some are attributing the leak to CMC, with haveibeenpwned listing it under Pwned Websites, the company has denied that the data leak came from their servers.

The company stated that since “no passwords are included in the data we have seen” and that they found “no trace of any security breach of [their] servers” after a comprehensive security check, they “believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites”.  

The company speculated that “a bad actor (or actors) took a list of leaked emails (this list that claims to be from CoinMarketCap) and compared it with other batches of leaked data”, the result essentially being “a “cleaned” email dataset from the Dark Web that has occurred in previous leaked email sets totally unrelated to CoinMarketCap”, which makes it appear as though CoinMarketCap is the source of the leaked data when it isn’t.

However, some users have claimed that their CMC account uses a “unique password not used elsewhere” and are querying whether CoinMarketCap stores any of its user data anywhere other than on its servers.

PIIs exposed 

CMC maintains that the email addresses of CMC users are the only thing they can confirm is related to the leak.

According to customers on Twitter, phishing campaigns against victims have already begun, with targeted users sharing screenshots of suspect emails they have recently been receiving that contain links and attachments with executables, such as files with an .xhtml extension.

Seemingly, some users have made the giant cybersecurity mistake of clicking on the links and have been taken to what are likely Trojan login pages, where malicious actors fake legitimate login pages to steal further sensitive information from victims.

This shows that the stolen data is already being actively exploited by its buyers to perform phishing campaigns. Data breaches commonly facilitate phishing attacks, which are one of the most popular ways for threat actors to gain access to victims’ systems, networks and sensitive data, by tricking victims into clicking on malicious links or attachments or into giving out sensitive information directly.

Moreover, some affected customers have claimed they are getting security alerts that may indicate that passwords are actually part of the exposed data, or that users may have been already tricked by phishing emails into parting with that information. 

CMC users are strongly recommended to: 

  • Change their passwords immediately. 
  • Implement two-factor authentication.
  • Never click on links or attachments of a suspect email, as malicious actors can utilise these to deliver malicious code to your machine. 
  • If you do ill-advisedly end up clicking on a link and it takes you to a login page, do not input your login details or any other sensitive data. Hackers will utilise this information to escalate their attacks. 

Increasing attacks on Cryptocurrency 

Cryptocurrency has found itself a central position in the cybersecurity world, with cryptocurrency-related attacks rising by 192 percent between October 2020 and April 2021. The rapidly growing industry is both used as a platform for threat actors to ferry illicit funds from ransom payments, its unregulated nature and difficulty in tracing being a great boon for cybercriminals, and a ripe victim for cyber attacks itself.

Cryptocurrency firms BitMEX, a crypto exchange and derivative trading platform, and Ledger, a hardware crypto wallet manufacturer, have both suffered big data breaches relating to email addresses. Meanwhile, GateHub, a crypto wallet service, exposed 1.4 million accounts, including passwords, in a data leak. 

Poly Network, a finance platform that works with cryptocurrency blockchains, was hit by hackers in August, with the threat actors managing to steal 600 million dollars in the digital currency, although this was later returned.

As cyber attacks continue to rise and the critiques of lacking investor protection mount, cryptocurrency really does risk becoming the true Wild West of cybercrime if it doesn’t keep up with cybersecurity best practices.
