Phishing emails are nothing new in the world of Bitcoin and can usually be identified with relative ease. In the case of Coinbase, however, their outgoing email server got hacked and someone managed to send an email originating from an actual Coinbase email address. This just goes to show that every aspect of your business – Bitcoin-related or not – is important, even something as mundane as email servers.
The “Coinbase Investment Fund”
One of the most remarkable aspects about Coinbase’s outgoing email server being breached is the fact that not every customer got the email. I’ve had a few friends and colleagues of mine check all of their mail folders, including spam, and they did not receive it. It looks like access was revoked before the malicious individual(s) could do what he/she/they had originally planned; to target as many people as possible.
Phishing emails from popular Bitcoin services such as Bitstamp, Coinbase and even Bitpay are nothing new, either. However, this email, claiming to come from the “Coinbase Investment Fund Team” at firstname.lastname@example.org, was not a phishing attempt but a direct attempt to trick customers into sending funds to a specific Bitcoin address.
It has to be said that this email had a certain appeal to it. First and foremost because it was coming from an actual Coinbase email address instead of being a spoofed email header. But also because it was – for a change – written in detailed English with little to no spelling mistakes. Very different from the emails Bitcoin enthusiasts usually receive when someone tries to get money from you.
Furthermore, every email sent out – that I have seen so far – also lists the correct Coinbase user name in the email which indicates that the breach goes beyond the outgoing mail server alone. Apparently, someone managed to access the customer database, which does not store any sensitive data as far as we know, and used those details to send out this fake email.
But there are also clear warning signs to be found about this email. The “Coinbase Investment Fund Team” lets you send Bitcoin to a random Bitcoin address and promises a 150% return on your investment in just 10 days. According to the email, your “fund assets will be diversified among emerging Forex positions at Coinbase Exchange.”
On top of that, this “investment offer” is only valid from April 20th which means this email has been sent nearly two weeks in advance. Could this hint at another one of these emails appearing in mailboxes over the next few days? Last but not least, deposits could be made from April 8th onwards, for a minimum of US$100 and a maximum of 60 Bitcoin per person.
“We will return your initial deposit with dividends on 1st of May, 2015 12:00 AM Pacific Time. (for example: investing 10 Bitcoins today will return 15 Bitcoins in a 10 day period). Profits are withdrawn without any delay, and Coinbase waives all fees for 1st level investments.” Withdrawn from where, exactly? And by who?
Positive Side of the Story
Even though this story revolves around a breach of a service, it’s also a clear sign on the wall that Bitcoin-related companies need to step up their security game. In fact, this breach should be seen as an opportunity to learn from this incident and take the necessary steps to make sure events like these can never happen again.
With Coinbase being tightly secured as a platform itself it looks like hackers are targeting their efforts elsewhere, by going after an email server for example. However, there is a lesson to be learned here for everyone; security goes way beyond what you think will be the target of an attack.
Source: Fake Email from Coinbase
All images courtesy of Pixabay