Tuesday, November 24, 08:07
Home security Coincheck: Hackers violated domain for spear-phishing attacks

Coincheck: Hackers violated domain for spear-phishing attacks

The Japanese service cryptocurrency exchange, Coincheck, announced that he fell victim hacking attack. The attackers violated one of them domain names and used it for spear-phishing attacks to customers of the service.

Coincheck has discontinued some of its services platform on Tuesday to investigate the incident. Other activities, such as withdrawals and deposits, have not been excluded.

According to one reference released on Tuesday, the company said the original attack took place on Sunday 31 May. The hackers acquired access to Coincheck's account on Oname.com (company domain registrar).

Koincheck did not provide technical details attack. However, the Japanese security researcher Masafumi Negishi said the attackers modified the basic DNS entry for Coincheck's coincheck.com domain.

Coincheck uses the service Amazon's DNS. This means that an Amazon DNS server handled the various processes.

According to Masafumi, the hackers recorded a similar domain on the AWS server and replaced the original awsdns-61.org to awsdns-061.org (extra 0 ahead of 61) in Oname.com's backend. This allowed the attackers to manage DNS queries for the Coincheck portal.

The hackers did not use this access to redirect all the traffic of the service to a "Coincheck clone", because such a attack it would be immediately apparent.

So they started sending spear-phishing emails to specific users. The emails were supposed to come from the coincheck.com domain. In fact, user responses were sent to hackers' servers.

Coincheck said she spotted the attack when she noticed some "irregularities" in traffic. The attackers had access to the company's domain until Monday, June 1, 20:52, Tokyo time.

It is believed that the hackers asked them users-victims verify their account information via spear-phishing emails. They could then use the data to steal money or carry out other attacks.

According to Coincheck, hackers contacted at least 200 customers.

At present, we do not know if the hackers used in some way the data they obtained through spear-phishing emails.

In 2018, the exchange service was hacked and lost 500 million dollars.


Please enter your comment!
Please enter your name here

Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!


Details of Spotify users were exposed by hackers

A hacking team has gained unauthorized access to 350.000 Spotify accounts on the music streaming service. To achieve this ...

Black Friday: Tips for Secure Online Shopping

Black Friday and Cyber ​​Monday are two of the busiest days for online shopping. And of course ...

Photoshop: How to restore the old mode of Free Transform

Adobe recently changed the way Free Transform works. But you can restore the old way of working ...

EU: Ready to end end-to-end encryption?

End-to-end encryption is a security tool used by various applications, including Facebook Messenger, WhatsApp and Signal, for further ...

How to disable the "welcome tips" after the Windows 10 update

Windows 10 after an update sometimes opens a window with tips to show you what's new for ...

The Windows 10 KB4586819 update fixes several issues

Microsoft has released the cumulative non-security update KB4586819 preview for Windows 10 versions 1809, 1903 and 1909, with various fixes ...

Drupal websites are vulnerable to double-extension attacks!

The team behind Drupal Content Management System (CMS) released some security updates this week to fix a critical ...

Face recognition can identify bears and cows

Face recognition can be used to identify various animals such as bears and cows!

Google Workspace: How it unlocked the subscription software market

In fact, Google has made it easier for smaller players. A startup that starts in 2020 ...

Black Friday with online offers in COSMOTE and GERMANO

Press Release: Black Friday with online offers at COSMOTE and GERMANO November 23, 2020