Security PSA: Ledger Phishing Attacks

By the Coinbase Security Team

At Coinbase, our Security team not only monitors the safety of our platform and customers’ funds, but also security threats and abuse trends impacting the larger cryptoeconomy. In December 2020, personal information stolen from Ledger, a third-party hardware wallet provider, was published on a hacking forum, resulting in a massive wave of phishing and extortion attacks against Ledger customers.

That’s the bad news. The good news is that with just a few simple steps, you can easily learn to recognize the most common attacks and protect yourself accordingly.

Personalized Extortion

An extortion email using stolen information from Ledger’s customer database

Receiving an email like this can be pretty terrifying — which is precisely the goal of the attacker. Fear, shame, or embarrassment are common tactics used by extortionists to coerce their victims into paying funds, even when there’s no actual security risk.

While everyone’s personal circumstances are different, our general advice is to completely ignore messages like this. Most extortionists are looking for easy targets, and will generally move on if they don’t receive a response. Of course, if you do have concerns for your personal safety or receive escalated extortion attempts, you should contact local law enforcement immediately.

Ledger Impersonation

Phishing email linking to malicious cryptocurrency-stealing software

At first glance (and even at second glance), this email looks plausible, and it’s not easy to discern the fact that it is designed to fool you into downloading malware that will steal your cryptocurrency private keys.

As a general rule of thumb, if an email is asking you to do something that you’re not expecting or didn’t request, you should treat it with caution. Some phishing links and websites can look very realistic, so if you have any doubts about a link’s authenticity, it’s better to visit the website directly by typing in the URL, or by finding the top non-advertisement search result in any major search engine (yes, scammers abuse search engine ads too!).

If you receive an email claiming to be from Coinbase and you’re not sure whether it’s authentic, you can forward it to [email protected] for verification.
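The advice above (treat unexpected links with caution, and check where they really go) can be turned into a small triage tool. The following Python script is an added example, not code from the Coinbase post: it pulls every http(s) link out of a message body, resolves the host the browser would actually visit, and flags hosts that merely contain a trusted brand name, use punycode, or hide the real host behind a user-info “@”. The trusted-domain list and the sample email are constructed for illustration.

```python
from __future__ import annotations

import re
from urllib.parse import urlparse

# Hypothetical allow-list of domains the reader expects legitimate mail to link to.
TRUSTED_DOMAINS = {"coinbase.com", "ledger.com"}

# Brand words derived from the allow-list; their presence in an untrusted host
# is the classic phishing pattern (coinbase.com.example.net, ledger-update.net).
BRAND_WORDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Adequate for .com-style TLDs; a production
    tool would consult the Public Suffix List so that e.g. co.uk is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str) -> tuple[str, str]:
    """Return (verdict, host) where verdict is 'trusted', 'lookalike' or 'unknown'.

    urlparse().hostname is used deliberately: it discards any user-info part, so
    'https://coinbase.com@evil.example/' resolves to host 'evil.example', which is
    where the browser would actually go.
    """
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return "unknown", host
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted", host
    # Internationalised or punycode hosts can render as a visually identical brand.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike", host
    if any(brand in host for brand in BRAND_WORDS):
        return "lookalike", host
    return "unknown", host


def scan_email(text: str) -> list[tuple[str, str, str]]:
    """Return (verdict, host, url) for every http(s) URL found in a message body."""
    results = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?")  # drop sentence punctuation glued to the link
        verdict, host = classify_url(url)
        results.append((verdict, host, url))
    return results


# Constructed sample message (not a real phishing email) for demonstration.
SAMPLE_EMAIL = """\
Dear customer,

Review your settings at https://www.coinbase.com/settings.
Your device needs an urgent update: https://ledger-live-update.example/download
Or sign in at https://coinbase.com@evil.example/login.
"""

if __name__ == "__main__":
    for verdict, host, url in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:9} {host:35} {url}")
```

The verdicts are a triage aid, not a verdict on the sender: a legitimate partner domain that happens to contain a brand word will be reported as a lookalike, and an attacker domain with no brand word at all comes back as merely unknown. Anything other than “trusted” is the cue to ignore the link and type the known URL yourself, as the post recommends.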

SIM-Swaps and Other Attacks

Even if you don’t receive any phishing emails or extortion attempts resulting from the Ledger breach, the exposure of your personal information does put you at risk for other attacks, including SIM-swaps and increased targeting of your other exchange accounts and cryptocurrency holdings.

To help keep your Coinbase account(s) secure, we strongly recommend implementing the following steps:

  • Be on the lookout for targeted phishing emails claiming to be Coinbase. Please see our help article for more information about recognizing Coinbase-related phishing attempts.
  • Check your email at haveibeenpwned.com* or a similar third-party data breach monitoring site and ensure that you’re using strong, unique passwords for any account or email address that has been exposed in a previous breach.
  • Enable the strongest form of 2-step verification available to you for both your Coinbase account and your email. Please see our 2-step verification help article for available options.
  • Set up a Vault Wallet to securely store your long-term holdings.
  • Check your Coinbase and email activity history often for any events that you do not recognize.

Additional security tips:

  • Create a strong, unique, and complex password for your email and Coinbase accounts (use a password that is long and random, stored in a password manager like 1Password or LastPass).
  • Contact your mobile carrier and ask them about additional security measures you can put in place for your mobile device.
  • Regularly update your browser, phone, and computer to the latest versions to ensure you have applied all available security patches.
  • Read our security tips and best practices help article.

As a reminder, Coinbase Support will never call you directly, ask for remote access to your computer, ask you to send digital currency to an external address or ask for your security codes and passwords.

If at any time you believe your Coinbase account was compromised, see our account compromise help article to disable your account.

*This is a third-party website.

Security PSA: Ledger Phishing Attacks was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Ledger’s recent security audit was unconnected to their data breach in June

It seems the review was already in process before the attack ever occurred.

Popular hardware wallet company Ledger recently announced that they had passed a notable security evaluation, known as SOC 2 Type 1. This certification came following a significant data breach the company suffered in June. Ledger did not, however, decide to conduct its security audit because of the breach, according to comments from a Ledger representative. 

“Ledger is always seeking to raise the security standards and has been working on getting the attestation prior to the data breach,” the representative told Cointelegraph. 

News of Ledger’s completed SOC 2 Type 1 audit came in October, essentially giving the market a level of confidence based on a trusted mainstream security benchmark.

“The SOC II attestation refers both to the System, in this case, Ledger Vault only, and the Organization: Ledger as a whole,” the representative explained. “Hence, if the SOC 2 Type 1 only applies to Ledger Vault, the Ledger organization as a whole has been audited (onboarding of collaborators, third party interactions, etc.).”

Ledger was made aware of a database weakness in July, which they quickly patched. The company, however, also uncovered a previous large data breach that occurred in June, which leaked thousands of customers’ names, addresses, and other potentially sensitive information.

Kristy-Leigh Minehan, Former CTO of Core Scientific, told Cointelegraph “SOC2 Type 1 is about assessing the design of a security process (or processes) at a specific point in time (or, as of a specified date).” She clarified:

“They would only be evaluated up until the point when they executed it, not necessarily when they were awarded it.”


Most crypto exchanges are vulnerable by design, says Bybit CEO

He isn’t surprised attacks happen.

Crypto exchange security is once again in the news after hackers breached KuCoin. But this shouldn’t surprise people as exchanges are vulnerable by design, according to Bybit CEO Ben Zhou. 

Zhou told Cointelegraph that exchanges act as a single point of failure. As a centralized web application, exchanges are susceptible to the same security issues as all other websites. 

Security becomes even more important as investors and traders are increasingly taking exchanges to task to protect funds. 

The vast majority of crypto exchange servers and storage networks, Zhou said, keep digital currencies in hot wallets. If hot wallets are not properly protected, then this opens them up to theft. Zhou thinks that a cold wallet system is more secure since hot wallets are connected to the internet, making them more vulnerable to hacking. Cold wallets, on the other hand, are not connected online. The only downside is not being able to make large withdrawals from an exchange immediately.

According to Zhou, investing in security should be one of the highest priorities on an exchange platform’s agenda, especially if it operates online. To combat potential hacking threats, exchanges also need to better address vulnerable areas and apply multiple security layers for penetration testing. 

Any security system should also protect information across all points of interaction. This means protecting user data from account registration, login, trading, and any information exchange with the platform. Zhou added that:

“This can be accomplished by applying best practices for application lifecycle management, hiring knowledgeable and reputable security consultants for penetration testing and running bounty programs within the white hat community to identify any potential vulnerabilities.” 

Zhou also recommends cryptocurrency exchanges work with reputable security firms to carry out security audits, apply strict management processes, and invest in zero-trust architecture. Zero-trust architecture requires verification for anyone accessing a service to prevent any potential data breaches both internally and externally. 

He said there are several bespoke security solutions from third-party vendors that exchanges can use but noted these could also be developed in-house.

Zhou revealed that Bybit invested considerable resources in developing and enhancing its own security protocols and solutions. They have implemented a multi-signature cold wallet system to protect the safety of users’ funds.

When it comes to combating potential hacking threats, Bybit organized and conducted multiple red alert scenarios and bounty programs with the white hat hacker community. This is to ensure there are no system vulnerabilities. Zhou added that: 

“Even when it comes to withdrawals, we subject any requests to at least three layers of risk-control verifications. Crypto asset consolidation among cold wallets follows the strictest policy, including physical environment security, system security, encryption techniques, operation authentication, monitoring and audit.” 

As Cointelegraph previously reported, the recent crypto Twitter hack was a wake-up call for centralized platforms to address online security issues.


US Space Force taps blockchain firm Xage Security for data protection

Going where no blockchain has gone before.

The recently created United States Space Force, or USSF, and the U.S. Air Force Research Lab have chosen blockchain firm Xage Security to develop data security systems.

In a statement, Xage Security said it was awarded a contract to provide end-to-end data protection for the USSF. The company will employ its blockchain-based Xage Security Fabric solution for the project.

The company said Xage Security Fabric has a unified platform that can secure all systems and removes single points of entry so hackers can’t wipe information. It will allow the USSF to verify who accesses systems, ensure satellites continue to function securely even if ground equipment goes offline, and protect data until fully transferred to operational units.

This is the second contract Xage Security won from the U.S. Air Force, following the first one signed in December 2019.

The USSF was established in December last year to defend space and acquire military space systems. According to the University of Illinois, space systems are infrastructure and vehicles that work together to perform outer space tasks. These can be satellites or even spaceships. Since many space systems heavily rely on communication and geographical positioning, it’s crucial that data being sent through cannot be compromised.

Xage Security CEO Duncan Greatwood said blockchain meets many of the complex needs of the USSF:

“The USSF requires decentralized enforcement of security to establish space domain resilience and objective situational awareness, across every asset and data element. We built the Xage solution to serve the needs of complex critical infrastructure systems, and are excited to bring the Xage solution to the Space Force in the form of a blockchain-protected space system security.”

The U.S. Department of Defense, which oversees all military branches including the Air Force and the USSF, has been interested in blockchain for a while. It awarded Indiana-based blockchain firm Simba Chain a contract to provide security for sensitive research and development data in March this year. The Defense Advanced Research Projects Agency, or DARPA, has also been involved in blockchain since 2019.


Ethereum Classic partners with ChainSafe and OpenRelay to prevent more 51% attacks

The quest to protect Ethereum Classic continues.

As it grapples with multiple security breaches, Ethereum Classic Labs has partnered with ChainSafe and OpenRelay in hopes of increasing its defenses against 51% attacks. 

According to the announcement post, Ethereum Classic Labs and its Core Dev Team will work with both ChainSafe and OpenRelay to develop and test security responses.

James Wo, founder and chairman of Ethereum Classic Labs, said the partnership makes sense: 

“OpenRelay and ChainSafe are both well acquainted with Ethereum Classic and, through working together, will have some of the most brilliant minds in blockchain tackling the 51% problem in tandem. The team-up will bring additional expertise in Proof-of-Work security systems and testing environments.”

OpenRelay will help Ethereum to “develop practical simulations and models for the proposed features, establishing testnet infrastructure, and designing and implementing testnet tests” while ChainSafe is working on a review of the many security proposals to keep the network safe. 

Ethereum has seen at least three 51% attacks in August alone. These attacks even caused exchanges like OKEx to warn Ethereum that it will delist ETC if it doesn’t upgrade its security. The company, determined to improve its security, said regulation may be the key to stopping any future attacks by limiting hashpower rental companies. They said at least two of the attacks were caused by rented hash power from NiceHash.
