Crypto data aggregator firm, CoinGecko, has experienced a data breach through one of its third-party service providers.
While no CoinGecko user accounts were compromised in this incident, the hackers accessed vital personal information of users, which they used to launch a wide-scale phishing attack.
1,916,596 User Contacts Stolen In The Breach
According to a security notice on June 7, CoinGecko claimed that hackers gained access to an employee’s account at GetResponse, an email marketing platform, leading to a high level of unusual activity.
On June 6, the team at GetResponse confirmed the attack, stating that a data compromise had occurred.
Through this hack, the bad actors transferred out 1,916,596 contacts from the CoinGecko GetResponse account before proceeding to send phishing emails to 23,723 of these contacts using another GetResponse account.
For context, a phishing email is a fraudulent message designed to deceive an unsuspecting recipient into revealing sensitive or important information.
In this case, disclosing such information could be particularly detrimental, leading to a loss of assets.
However, through a fast response, the malicious emailing activity was quickly detected and halted by CoinGecko in collaboration with GetResponse.
Nonetheless, the hacker obtained data belonging to certain users, including personal information such as names, email addresses, etc., and metadata such as account sign-up date and subscription.
Notably, the data breach at CoinGecko occurred on the same day, following an alert from Tether CEO Paolo Ardoino stating that an established email vendor widely used by crypto firms had been compromised.
We received now 2 independent confirmations that a prominent vendor used by crypto companies to manage mailing lists might have been compromised.
Not making names yet until investigation is completed, but please beware of any emails suggesting crypto-airdrops received since 24h…
— Paolo Ardoino (@paoloardoino) June 5, 2024
To mitigate the potential damage from this incident, CoinGecko has reached out to all users affected by the data breach.
Furthermore, the crypto data firm has commenced an investigation into the attack in partnership with GetResponse.
CoinGecko urges all users to exercise caution when opening emails from unfamiliar sources or domains.
In particular, they have warned against engaging with any email that claims to offer token airdrops by CoinGecko or GeckoTerminal.
Commenting on the incident, CoinGecko Co-founder and Chief Operating Officer Bobby Ong echoed these warnings, saying:
“Unfortunately GetResponse has confirmed that we are one of the impacted accounts that suffered a breach. This is a targeted supply chain attack on our email newsletter software vendor. There is no CoinGecko token being planned so don’t be duped by phishing emails.”