Author: Syedur Rahman 23 October 2021
More than 3.1 million user email addresses have been leaked after the crypto price-tracker site CoinMarketCap was hacked.
The hack became public knowledge after the email addresses started to be traded on various hacking forums. It was revealed by Have I Been Pwned, a website that identifies hacks and compromised online accounts.
CoinMarketCap, which is a subsidiary of the Binance cryptocurrency exchange, confirmed that the list of leaked user accounts matched its database of users.
In a statement, it said: “CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses, we have found a correlation with our subscriber base.”
While confirming that a hack had taken place. CoinMarketCap said that hackers had not gained access to any account passwords. It added that it had not found evidence of any data being leaked from its own servers but said it had not identified the precise cause of the hack.
CoinMarketCap’s problems come just weeks after a hack on the Coinbase crypto exchange that saw 6,000 user accounts compromised. The Coinbase attack involved the hackers exploiting the exchange’s multifactor authentication (MFA) system, which indicates that hackers had access to user email addresses. Coinbase has said the attackers identified a vulnerability in the account recovery process. It did not reveal the value of the assets that were stolen.
The hack on CoinMarket Cap will certainly cause it major difficulties. It may need to brace itself for a wave of lawsuits relating to the data breach. If the email addresses have been hacked, the customers may well be subject to extortion or ransomware attacks. As the email addresses were being sold on hacking forums this is a strong possibility.
Both CoinMarket Cap and its customers now need to be on high alert – and CoinMarketCap has to put preventative measures in place to reduce any risk of problems in the future.
Syedur Rahman is known for his in-depth experience of serious fraud, white-collar crime and serious crime cases, as well as his expertise in worldwide asset tracing and recovery, international arbitration, civil recovery, cryptocurrency and high-stakes commercial disputes.