CoinGecko Users Targeted by 23,000 Phishing Emails Following Email Provider Data Breach
Cryptocurrency data aggregator CoinGecko has fallen victim to a data breach on its third-party email platform, GetResponse, resulting in over 23,000 users being targeted by phishing emails.
The breach occurred in the wake of reports concerning a surge in crypto airdrop scams, with CoinGecko suspected to be one of the affected parties.
On June 7th, CoinGecko issued a statement confirming that GetResponse had experienced a data breach on June 5th. This breach allowed cyber attackers to access the contact details of more than 1.9 million users.
The compromised data includes users’ names, email addresses, IP addresses, and the locations where emails were opened. Additionally, metadata such as sign-up dates and subscription plans were also exposed. Fortunately, CoinGecko assured users that their account credentials and passwords remained secure and unaffected by the breach.
Despite the primary email domain of CoinGecko remaining intact, the attackers managed to send out a total of 23,723 phishing emails. CoinGecko defined phishing as a scam where individuals are tricked into divulging sensitive information, such as private keys to their crypto wallets.
In response to the breach, CoinGecko offered guidelines on how users could safeguard themselves against potential scams. They advised users to steer clear of unfamiliar or misleading domains, refrain from clicking on suspicious links, downloading attachments from unrequested sources, and approaching token airdrop offerings cautiously.
The evolving tactics of crypto scammers have seen leaks of private keys and personal data become the leading cause of cryptocurrency-related hacks. Exploiters are now targeting these vulnerabilities, opting for easier targets rather than attempting to breach more intricate protocols.
According to Merkle Science’s 2024 HackHub report, over 55% of hacked digital assets in 2023 were lost due to private key leaks.
This trend coincides with the increasing use of scam tactics that leverage artificial intelligence (AI), ushering in a new era of cyber threats. These tactics include deepfake scams, state-sponsored attacks, and other sophisticated illicit activities.
Deepfake videos often exploit the likeness of influential figures to promote fraudulent investment schemes, falsely suggesting that the project has legitimate backing. For instance, in a recent incident, over 35 YouTube channels live-streamed the Space X launch using an AI-generated voice impersonating Elon Musk. Viewers were instructed to send Bitcoin or Ethereum to an address to receive double the amount, with the scammers claiming it was a legitimate giveaway.
Moreover, there have been instances of deepfake technology impersonating high-level executives during online meetings to potentially authorize large transactions, impacting both the corporate and crypto sectors.