Coinbase Employees The Subject Of SMS Phishing Attack

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Feb 21, 2023 05:22 am PST

A phone call from a con artist was made to one of the employees who had fallen for the fraud after the SMS phishing attempt (also known as “smishing”). The largest bitcoin exchange on the planet, Coinbase, has disclosed a cybersecurity issue that involved an SMS phishing assault (Smishing) that used persistent social engineering techniques to target its employees.

In addition to having more than 103 million verified users as of 2022, Coinbase employs over 1,200 staff worldwide. This makes the business a profitable target for common criminals and state-based hacking organizations like Lazarus.

The incident began on February 5, 2023, when a number of Coinbase employees got text messages inviting them to use the attacker’s link for a quick login. One employee entered his/her username and password to log in while the other recipients all ignored the text.

Using the employee’s login information, the attacker tried to enter Coinbase’s internal network. Although the attacker made multiple tries, he could not overcome the security measure since the organization had implemented employee multi-factor authentication (MFA).

Despite the hacker’s inability to get access to Coinbase’s system, a small amount of information from the company’s directory—including the names, email addresses, and phone numbers of a small number of employees—was made public.

Coinbase’s Funds And Customers Data Intact

The attacker pretended to be a Coinbase’s corporate Information Technology (IT) team member during the first phone call to the victim’s mobile phone, which signaled the start of the second phase of the assault.

The employee answered the phone and assumed the caller was a Coinbase IT representative, so they logged in and started following the attacker’s instructions. The employee, however, started to become warier and warier of the requests as the talk went on.

Fortunately, the employee’s concerns were sufficient to prevent damage. No money was taken, and no client data was viewed or accessed as a result of the incident.

According to Coinbase, the event was not an isolated one connected to a number of recent cyberattacks that involved Twilio, DoorDash, Zendesk, Namecheap, and other companies, based on the attacker’s primary style.

Since then, Coinbase has issued a statement warning all staff members to be on the lookout for phishing scams and other cyberattacks. The business has highlighted the significance of confirming the identity of anyone requesting access to sensitive data or systems. It has provided tools and training to assist staff in identifying and countering such risks.

This episode is a harsh reminder of the constant threat posed by hackers and the necessity for both individuals and businesses to exercise caution when defending themselves from these assaults.

People and businesses can reduce the likelihood of a phishing scam or other form of scam victimizing cybercrime by remaining informed and taking proactive steps to safeguard themselves and their information.

The speed with which Coinbase responded to the event illustrates the company’s dedication to the safety and security of its personnel and clients. Companies in the sector must give cybersecurity first priority and make efforts to safeguard the safety and security of their operations as the use of cryptocurrencies grows and changes.


Prominent bitcoin trading site Coinbase said it had become an online attack target. The company said its “cyber controls stopped the attacker from getting direct system access and averted any loss of funds or compromise of client information.” Employee names, email addresses, and specific phone numbers were among the “small quantity of data” from its directory that was exposed as a result of the incident, which happened on February 5, 2023.

Many employees were targeted as part of the attack in an SMS phishing campaign asking them to log into their work accounts to read a crucial message. According to reports, one employee fell for the con and entered their username and password on a phony login page created by the threat actors to gather the credentials.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x