(Bloomberg) — Binance and Kraken are among major crypto exchanges that have been targeted by the same type of social-engineering hack that was recently disclosed by Coinbase Global Inc., according to people familiar with the situation.
Both digital-asset platforms were able to fend off the attacks without losing customer data, according to the people, who asked not to be identified discussing the assaults. Kraken declined to comment on cybersecurity matters, and Binance didn’t respond to requests for comment.
While crypto companies and market participants have been constant targets of cyber criminals since the earliest days of the industry more than a decade ago, upticks in the attacks tend to coincide with a jump in the value of digital currencies as they’ve done so recently. Countless exchanges, including Bybit, Bitfinex and FTX, lost billions to hackers over the years.
Binance and Kraken were attacked in a similar way to Coinbase’s, but their internal policies and technologies repelled the attacks, the people said. Binance was seeing scammers reaching out to its customer-service agents with bribery offers, and a Telegram handle to contact the culprit with, one of the people said.
Binance uses artificial-intelligence bots to spot offers of potential bribes in different languages, and to stop the conversations. Many exchanges also only allow representatives to access customer information when customers initiate calls.
Last December, security personnel at several rival exchanges became aware of hackers targeting specifically large Coinbase holders, the people said. At least one exchange notified Coinbase’s security team through Telegram multiple times, one of the people said. Coinbase declined to comment on whether it had been notified by other exchanges.Coinbase declined to comment on whether it had been notified by other exchanges.
In Coinbase’s case, hackers bribed customer agents to steal client data and then demanded a $20 million ransom to delete it. The bribed reps got access to names, dates of birth, addresses, nationalities, government-issued ID numbers, some banking information as well as details about when customer accounts were created and their balances, Bloomberg reported earlier. Coinbase began noticing unusual activity from some of these reps as far back as January, the company told Bloomberg News on Thursday.
Social-engineering attacks have been on an upswing for crypto exchanges for the last two years. Hackers have also been known to buy crypto exchange users’ information, collected via malware unwittingly installed on the users’ devices, on the dark web. Using that, they called some Binance users in Israel, for example, trying to hoodwink them into transferring their funds into a new wallet the hackers controlled, two people said. The caller had a posh British accent, one of the people said.
Separately, on Thursday, the Department of Justice charged 12 people “for allegedly participating in a cyber-enabled racketeering conspiracy throughout the US and abroad that netted them more than $263 million” and involved using social engineering to steal Bitcoin.
More stories like this are available on bloomberg.com
