Price tracking website for cryptocurrencies, CoinMarketCap, has reportedly fallen victim to a hack, resulting in 3.1 million user email addresses being leaked. The news of the breach was reported by the website ‘Have I Been Pwned.’
Details Of The Leak
According to Have I Been Pwned, CoinMarketCap’s database was breached last week, on the 12th of October, 2021. However, the website clarified that the leak had resulted in email addresses being stolen, while passwords were not compromised or stolen during the security breach.
News regarding the hack first came to light when hacked email addresses were found to be traded online on several hacking forums, as revealed by "Have I Been Pwned." Have I Been Pwned is a website that tracks hacks and compromised accounts online.
CoinMarketCap Admits Leak
CoinMarketCap has admitted that several “batches of data have shown up online purporting to be a list of user accounts” and said that it had found them to be correlated with its subscribers.
“CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses, we have found a correlation with our subscriber base.”
However, CoinMarketCap has been unable to pinpoint the source of the leak, stating that it had not found any data leak from its servers while assuring that it will provide future updates.
“We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information.”
No Major Risk Of Large-Scale Theft
Since the data leak does not contain any passwords, CoinMarketCap has allayed any fears of large-scale theft. Add to this the fact that CoinMarketCap is not a cryptocurrency exchange.
“As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.”
However, despite having no immediate risk, this hack is detrimental to user privacy. It could also motivate hackers to carry out more attacks in the future. The attack comes after CoinMarketCap had acknowledged that it had been the target of phishing campaigns in the past.
Similar Leaks In The Crypto Space
Several companies in the crypto space have come under attack in the past, experiencing similar leaks where emails and other user information have been compromised. Binance, the exchange that owns CoinMarketCap, was also targeted in 2019, although the attack was unrelated to the one on CoinMarketCap. The attack resulted in Binance having 2% of its Bitcoin holdings stolen.
Cryptocurrency exchange Coinbase was also targeted recently, resulting in 6000 user accounts being compromised. The attack was a result of hackers exploiting Coinbase’s multifactor authentication system, suggesting that the hackers had prior access to user email addresses. Coinbase stated that the attackers had identified a vulnerability in the account recovery process.
“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.