Millions of Dollars’ Worth of Bitcoin could be at Risk as scrupulous elements gained access to over 5,000 email addresses from the Coinsquare database. The database may be used for SIM swapping attack.
Canadian crypto exchange suffers breach
Coinsquare, is one the Canadaian-based cryptocurrency exchanges suffered a breach in its database recently. Hackers were able to gain access to about 5,000 email addresses as well as phone numbers of users. The hackers are reportedly trying to use these details for a SIM swapping attack. Speaking to VICE Motherboard this week, one of the alleged hackers said that the group originally aimed to sell the information. However, the now believe that they could “make more money by SIM swapping the accounts.”
Cold Diamond, the CEO of Coinsquare said that the theft didn’t occur on the exchange itself. The data was stolen from a third party. He reiterated that Coinsquare systems are safe and called it an “employee theft of data from a third-party CRM system.” The hack occurred about 18 months ago. He also said that there is neither a hack nor a hacker.
A possible SIM swap attack?
SIM swap attacks mean a hacker targeting the mobile phone number of a user. Upon getting user data, the hackers may get the ability to request password resets for any website. The mobile phone number plays an important role here as it is used for two-factor authentication on most websites. This type of attack is very common in the cryptocurrency industry.
According to VICE Motherboard, the information obtained by the hackers also includes physical addresses as well as data on how much each user deposited in their respective Coinsquare accounts in the first six months. It also includes data on which users were added as a “high-value client” rating on the platform.
More details were revealed by Coinsquare general counsel Stacey Hoisak who said that the data was stolen in 2019. The company took action and replaced internal sales management services as well. It also went on to rewrite its data management policy and also upgraded its internal controls to ensure that there is no additional employee theft.