JAKARTA - The increase in the value of cryptocurrencies will definitely attract the attention of criminals. The concentration of cryptocurrency trading on cryptocurrency exchanges has also become the center of their attention. Coinbase is the largest crypto exchange in the US, and researchers have detected numerous phishing campaigns against Coinbase users.

The size or value of Coinbase is now very impressive. This cryptocurrency is claimed to have more than 56 million verified users in more than 100 countries. Its trading volume is around 335 billion US dollars (Rp 4864 trillion), and it has 223 billion US dollars (Rp 3238 trillion) in assets on its platform.

Researchers at anti-phishing firm INKY have now uncovered dozens of phishing attempts targeting Coinbase users. In a blog post, they describe several phishing attempts designed to steal login credentials to Coinbase for theft of cryptocurrency, and financial details and even personal data.

This phishing attempt uses well-written and presented emails and uses the Coinbase logo. So far, there has been very little fraudulent content that has no spelling or typos, and uses good style and grammar.

They also give a much different sentence. Usually the scam sentence reads “we have detected unauthorized activity and have blocked your account”. Instead the brand now states: “we have followed up on your request to deactivate your account”. To reactivate the account then the victim, needs to click on the button and re-enter his credentials.

The email was sent from a hijacked email account. If the target is tricked, and clicks on the button presented, then they will be sent to a fake Coinbase login page, which is very much like the real page. This fake page is hosted on the website of a German roof remodeling company. Forge websites and use them to contain and hide material on a single page.

In this case, the only visual clue that the page is wrong is in the browser's link address bar ('bedachugen-bauer[.]de' not 'coinbase[.]com/signin'). Any credentials entered into these fake pages are immediately retrieved and sent to the criminals.

Coinbase, along with most authorities, urges users to use two-factor authentication. INKY warns that this may not be enough. Even if not used in this scam attempt, criminals can use man-in-the-middle attack frameworks (such as Evilginx) to capture 2FA tokens sent to phishing clients.

Evilginx uses the Nginx HTTP server to proxy real websites to phishing victims, capturing any 2FA tokens that websites can send as browser cookies to clients.

Phishing remains one of the most prolific criminal attacks. In phishing, users appear to be an easier target than hacking the exchange. Exchange hacks are actually also common. The theft of nearly $500 million worth of bitcoins led to the collapse of MtGox in 2014, which was the largest cryptocurrency exchange in the world at the time.

One conclusion is that bitcoins were slowly stolen from their users' wallets from 2011 to 2014. In 2019, the Binance exchange lost 7,000 bitcoins, then worth more than US$41 million (595 billion rupiah) which was also stolen from hot wallets.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)