Recent Data Hack Could Put Millions of Dollars in Bitcoin at Risk

Published at: June 3, 2020

Hackers have obtained more than 5,000 email addresses and phone numbers from Canada-based cryptocurrency exchange, Coinsquare. Now, they’re reportedly hoping to use the data to perform SIM swapping attacks.

One of the alleged hackers spoke to VICE Motherboard on June 2, explaining that the collective originally intended to sell the information, but realized they could “make more money by SIM swapping the accounts.”

Coinsquare’s CEO Cole Diamond told Cointelegraph the theft was from a third party and not the exchange itself. “Coinsquare’s systems have never been breached,” he said. “As stated to VICE, this was an employee theft of data from a third party CRM system. It took place about 18 months ago. So “hackers” didn’t steal anything. There is no hacker.”

While hackers may not have stolen the data, they reportedly have it now. 

SIM swapping’s modus operandi

SIM swapping consists of a hacker hijacking the target’s mobile phone number, giving them the ability to request password resets for any website where the victim’s phone is used for two-factor authentication.

Said maneuver is frequently used to steal cryptocurrencies, and represents a risk to  Bitcoin (BTC), Ethereum (ETH), and other cryptocurrencies stored on custodial exchanges.

VICE Motherboard states that the information obtained includes phone numbers, and physical addresses. It also includes data on how much each user deposited in their account in the first six months, and the user’s “high-value client” rating within Coinsquare’s platform.

The hack occurred by an employee’s theft of information

Stacey Hoisak, general counsel for Coinsquare, gave more details on the attack on VICE Motherboard, stating that it occurred in 2019. He continued:

“The data was obtained as the result of employee theft of information contained within a client relationship database used for prospecting.”

Hoisak says the company replaced internal sales management services, rewrote data management policy, and upgraded its internal control in an effort to avoid additional employee theft.

In 2019, the cryptocurrency exchange partnered with the US-based crypto payments startup, Flexa, to bring in-store digital currency payments to Canada.

This article has been updated with comments from Coinsquare’s CEO.

Tags
Related Posts
UK High Court Orders Freeze on $1M of Bitcoin in Ransomware Case
A United Kingdom High Court ordered a proprietary injunction on Bitcoin (BTC) obtained through a ransomware attack on a Canadian insurance company. A proprietary injunction is an order which prevents a person from dealing with their own assets when it is subject of a proprietary claim. On Jan. 17, the UK High Court released documents concerning a ransomware attack, in which over 1,000 computers of the insurance company were rendered unusable through the use of malware that encrypted files, making them unaccessible. The unidentified attackers demanded $1.2 million in Bitcoin in exchange for decrypting the data. The firm’s insurer covered …
Bitcoin / Jan. 28, 2020
Previously Hacked Gatecoin Exchange Receives Liquidation Order Following Banking Problems
Gatecoin, a crypto exchange that was hacked in May 2016, has announced on March 13 that it has received a winding up (compulsory liquidation) order from an unspecified court. The company wrote that Gatecoin will have to cease operation with immediate effect, noting that the exchange will assist in the liquidation process in order to distribute assets to the creditors. The Hong Kong-based exchange had suffered a major hack back in May 2016, with around $2 million in cryptocurrencies lost after the firm reported a security breach that gave hackers access to Gatecoin’s hot wallets. According to the team’s statement …
Bitcoin / March 14, 2019
Crypto.com finally speaks out: 483 user accounts compromised
The Crypto.com security breach saga gets clarity with an official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting "suspicious activities" in user accounts. In a statement today, Crypto.com revealed that "4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies" had been taken from clients' accounts without their permission. The overall loss is presently valued at around $33.8 million, as per the current market value. Following a security breach, several Crypto.com users have made complaints that their money had been stolen. However, the company's previous responses had failed to quell concerns. Following the 17th of …
Bitcoin / Jan. 20, 2022
Bitfinex hack recovery spurs crypto community responses
On February 1, there were movements of around $2.5 billion from the 2016 Bitfinex hack wallets. After reviewing the transactions, Cointelegraph reported that around 90,000 Bitcoin (BTC), worth $3.6 billion, consolidated into one wallet address. More than a week later, the hackers were caught. The United States Department of Justice seized $3.6 billion in crypto and arrested two suspects connected to the 2016 hack. Alleged hackers Ilya Lichtenstein and Heather Morgan were apprehended after federal authorities exercised their ability to “follow the money through the blockchain” according to the DoJ. While some of the funds were partially recovered in 2019, …
Bitcoin / Feb. 9, 2022
PennyWise crypto-stealing malware spreads through YouTube
A new strain of crypto-malware is being spread via YouTube, tricking users to download software that’s designed to steal data from 30 crypto wallets and crypto-browser extensions. Cyber intelligence company Cyble in a June 30 blog post said it had been tracking the malware known as PennyWise — likely named after the monster in Stephen King’s horror novel It — since it was first identified in May. “Our investigation indicates that the stealer is an emerging threat,” wrote Cyble in a blog post on June 30: “In its current iteration, this stealer can target over 30 browsers and cryptocurrency applications …
Bitcoin / July 6, 2022