5 June 2020

Hackers hijack Coincheck’s domain, customers’ emails exposed


Japanese cryptocurrency exchange Coincheck has admitted a security incident in which unknown attackers accessed emails sent to the company by its customers.

According to Coincheck’s statement, hackers gained access to the DNS records for the coincheck.com domain at the firm’s third-party domain registrar (Oname.com) and modified them so that incoming emails were forwarded to the attackers. The company said that some emails received between May 31 and June 1, 2020 could have been illegally accessed by a third party.

The incident occurred between May 31 and June 1, Coincheck said. The breach was discovered when the company detected traffic abnormalities. The firm confirmed that approximately 200 customers have been impacted by the security breach. The company said the leaked data may have included the email address listed as the recipient, information contained in the customer's email, and personal information such as name, registered address, date of birth, phone number and ID selfie.

Oname.com also confirmed the incident in a separate advisory regarding issues in the Name.com Navi customer domain and server management tool.

“There was a case where the management screen of the customer who used Ome.com was accessed illegally and the registered information was rewritten. After investigating this, a malicious third party was able to use your ID and the bug (*) that could alter the communication on your name.com Navi. It turned out that the information (email address) was rewritten,” according to the statement.

While Coincheck did not reveal any technical details of the attack, according to security researcher Masafumi Negishi the hackers registered a lookalike of the AWS name server domain and replaced the original awsdns-61.org with awsdns-061.org in the Oname.com backend, which allowed the attackers to handle DNS queries for the Coincheck portal.
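A name server swap like the one described above can be caught by comparing the delegation seen at the registry with a pinned baseline. The following is an added example, not code from Coincheck, Oname.com or the researcher; the host labels, the .com zone and all function names are constructed for illustration, and only the two awsdns .org domains come from the article.

```python
def edit_distance(a: str, b: str) -> int:
    # Classic Levenshtein distance, computed row by row.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(host: str) -> str:
    # DNS names are case-insensitive; drop the trailing root dot.
    return host.strip().lower().rstrip(".")

def parent_zone(ns_host: str) -> str:
    # Assumption: the NS host is a single label under the provider's domain,
    # e.g. ns-1.awsdns-61.org -> awsdns-61.org
    return normalize(ns_host).split(".", 1)[-1]

def audit_delegation(observed, baseline, max_distance=2):
    """Return (ns_host, verdict) for every observed or missing name server."""
    base_hosts = {normalize(h) for h in baseline}
    base_zones = {parent_zone(h) for h in base_hosts}
    findings = []
    for host in sorted({normalize(h) for h in observed}):
        zone = parent_zone(host)
        dist, near = min(((edit_distance(zone, z), z) for z in base_zones),
                         default=(max_distance + 1, ""))
        if host in base_hosts:
            verdict = "ok"
        elif zone in base_zones:
            verdict = "unexpected host in trusted zone"
        elif dist <= max_distance:
            verdict = f"resembles baseline zone {near}"
        else:
            verdict = "unknown name server"
        findings.append((host, verdict))
    seen = {h for h, _ in findings}
    findings += [(h, "missing from delegation") for h in sorted(base_hosts - seen)]
    return findings

# Constructed sample data: host labels and the .com zone are made up.
BASELINE = ["ns-1.awsdns-61.org", "ns-2.awsdns-10.com"]
OBSERVED = ["ns-1.awsdns-061.org.", "NS-2.awsdns-10.com"]

if __name__ == "__main__":
    for host, verdict in audit_delegation(OBSERVED, BASELINE):
        print(f"{host:28} {verdict}")
```

In practice the observed list would come from a scheduled NS query against the parent zone's servers, and any verdict other than "ok" should raise an alert, since even a legitimate name server change has to be reflected in the baseline first.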
