Japanese cryptocurrency exchange Coincheck has admitted security incident in which unknown attackers accessed emails sent to the company by its customers.
According to a Coincheck’s statement, hackers got access to DNS records for the coincheck.com domain (Oname.com) at the firm’s third-party domain registrar, and modified the records to forward incoming emails to them. The company said that some emails received between May 31 and June 1, 2020 could be illegally accessed by a third party.
The incident occurred between May 31 and June 1, Coincheck said. The breach was discovered when the company detected traffic abnormalities. The firm confirmed that approximately 200 customers have been impacted by the security breach. The company said the leaked data may have included email address listed in the recipient, information listed in the customer's email and personal information such as name, registered address, date of birth, phone number, ID selfie.
Oname.com also confirmed the incident in a separate advisory regarding issues in Name.com Navi customer’s domain and server management tool.
“There was a case where the management screen of the customer who used Ome.com was accessed illegally and the registered information was rewritten. After investigating this, a malicious third party was able to use your ID and the bug (*) that could alter the communication on your name.com Navi. It turned out that the information (email address) was rewritten,” according to the statement.
While Coincheck did not reveal any technical details of the attack, according to security researcher Masafumi Negishi the hackers registered a lookalike domain to the AWS server and replaced the original awsdns-61.org with awsdns-061.org inside the Oname.com backend, which allowed the attackers to manage DNS queries for the Coincheck portal.