HomesecurityCoincheck: Hackers violated domain for spear-phishing attacks

Coincheck: Hackers violated domain for spear-phishing attacks


The Japanese service cryptocurrency exchange, Coincheck, announced that he fell victim hacking attack. The attackers violated one of them domain names and used it for spear-phishing attacks to customers of the service.

Coincheck has discontinued some of its services platform on Tuesday to investigate the incident. Other activities, such as withdrawals and deposits, have not been excluded.

According to one reference released on Tuesday, the company said the original attack took place on Sunday 31 May. The hackers acquired access to Coincheck's account on (company domain registrar).

Koincheck did not provide technical details attack. However, the Japanese security researcher Masafumi Negishi said the attackers modified the basic DNS entry for Coincheck's domain.

Coincheck uses the service Amazon's DNS. This means that an Amazon DNS server handled the various processes.

According to Masafumi, the hackers recorded a similar domain on the AWS server and replaced the original to (extra 0 ahead of 61) in's backend. This allowed the attackers to manage DNS queries for the Coincheck portal.


The hackers did not use this access to redirect all the traffic of the service to a "Coincheck clone", because such a attack it would be immediately apparent.

So they started sending spear-phishing emails to specific users. The emails were supposed to come from the domain. In fact, user responses were sent to hackers' servers.

Coincheck said she spotted the attack when she noticed some "irregularities" in traffic. The attackers had access to the company's domain until Monday, June 1, 20:52, Tokyo time.

It is believed that the hackers asked them users-victims verify their account information via spear-phishing emails. They could then use the data to steal money or carry out other attacks.

According to Coincheck, hackers contacted at least 200 customers.

At present, we do not know if the hackers used in some way the data they obtained through spear-phishing emails.

In 2018, the exchange service was hacked and lost 500 million dollars.

Digital fortress
Pursue Your Dreams & Live!