CoinMarketCap Database Breach: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/coinmarketcapdatabasebreach.php}} thumb|CoinMarketCapA list of 3.1M email addresses, with strong correlation to users registered on CoinMarketCap, was found online. CoinMarketCap claims that the list must have come from an alternate source, and they were unable to find a breach on their servers. However, no complete alternative hypothesis has been brought forth. No passw...") |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/coinmarketcapdatabasebreach.php}} | {{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/coinmarketcapdatabasebreach.php}} | ||
{{Unattributed Sources}} | |||
[[File:Coinmarketcap.jpg|thumb|CoinMarketCap]]A list of 3.1M email addresses, with strong correlation to users registered on CoinMarketCap, was found online. CoinMarketCap claims that the list must have come from an alternate source, and they were unable to find a breach on their servers. However, no complete alternative hypothesis has been brought forth. No passwords or other data were included on the list. | [[File:Coinmarketcap.jpg|thumb|CoinMarketCap]]A list of 3.1M email addresses, with strong correlation to users registered on CoinMarketCap, was found online. CoinMarketCap claims that the list must have come from an alternate source, and they were unable to find a breach on their servers. However, no complete alternative hypothesis has been brought forth. No passwords or other data were included on the list. | ||
This is a global/international case not involving a specific country. | This is a global/international case not involving a specific country.<ref name="blockthreat-5482" /><ref name="bankinfosecurity-6009" /><ref name="coinmarketcap-6010" /><ref name="newsncr-6011" /><ref name="haveibeenpwnedtwitter-6012" /><ref name="cryptobriefing-6013" /><ref name="cryptodaily-6014" /><ref name="cryptopotato-6015" /><ref name="cointelegraph-6016" /><ref name="republicworld-6017" /><ref name="coinmarketcaptwitter-6018" /><ref name="decrypt-6019" /><ref name="coinbureautwitter-6020" /><ref name="yahoofinance-6021" /><ref name="rajeshsapkal19twitter-6022" /><ref name="itstomasinatwitter-6023" /><ref name="factednettwitter-6024" /><ref name="ndtvgadgets-6025" /><ref name="coindesk-6026" /><ref name="trendmicronews-6027" /><ref name="haveibeenpwned-6028" /> | ||
== About CoinMarketCap == | == About CoinMarketCap == | ||
| Line 65: | Line 66: | ||
!Description | !Description | ||
|- | |- | ||
|October 12th, 2021 | |October 12th, 2021 | ||
|Main Event | |Main Event | ||
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
| Line 73: | Line 74: | ||
| | | | ||
|} | |} | ||
== Technical Details == | |||
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited? | |||
== Total Amount Lost == | == Total Amount Lost == | ||
| Line 92: | Line 96: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== General Prevention Policies == | |||
Using separate email addresses for each registration can limit the potential impacts of any data breach, and enable accurate knowledge of what was breached. Always pay special care to the source of email messages, and never interact directly with an email message. Instead, go to the official website of the service to confirm any actions needed. | |||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Regulatory Prevention Policies == | |||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
== References == | == References == | ||
[https://www.blockthreat.io/p/blockthreat-week-42-2021 No Title] (Jan 10) | <references><ref name="blockthreat-5482">[https://www.blockthreat.io/p/blockthreat-week-42-2021 No Title] (Jan 10, 2022)</ref> | ||
[https://www.bankinfosecurity.com/coinmarketcap-no-breach-despite-31m-email-address-leak-a-17789 CoinMarketCap: No Breach Despite 3.1M Email Address Leak] (Jan 25) | <ref name="bankinfosecurity-6009">[https://www.bankinfosecurity.com/coinmarketcap-no-breach-despite-31m-email-address-leak-a-17789 CoinMarketCap: No Breach Despite 3.1M Email Address Leak] (Jan 25, 2022)</ref> | ||
[https://coinmarketcap.com/alexandria/article/good-security-habits https://coinmarketcap.com/alexandria/article/good-security-habits] (Jan 26) | <ref name="coinmarketcap-6010">[https://coinmarketcap.com/alexandria/article/good-security-habits https://coinmarketcap.com/alexandria/article/good-security-habits] (Jan 26, 2022)</ref> | ||
[https://www.newsncr.com/technology/data-of-more-than-3-million-users-of-coinmarketcap-leaked/ Data of more than 3 million users of CoinMarketCap leaked!] (Jan 26) | <ref name="newsncr-6011">[https://www.newsncr.com/technology/data-of-more-than-3-million-users-of-coinmarketcap-leaked/ Data of more than 3 million users of CoinMarketCap leaked!] (Jan 26, 2022)</ref> | ||
[https://twitter.com/haveibeenpwned/status/1451650181552750594 @haveibeenpwned Twitter] (Jan 26) | <ref name="haveibeenpwnedtwitter-6012">[https://twitter.com/haveibeenpwned/status/1451650181552750594 @haveibeenpwned Twitter] (Jan 26, 2022)</ref> | ||
[https://cryptobriefing.com/3-million-coinmarketcap-email-addresses-have-leaked/ 3 Million CoinMarketCap Email Addresses Have Leaked - Crypto Briefing] (Jan 26) | <ref name="cryptobriefing-6013">[https://cryptobriefing.com/3-million-coinmarketcap-email-addresses-have-leaked/ 3 Million CoinMarketCap Email Addresses Have Leaked - Crypto Briefing] (Jan 26, 2022)</ref> | ||
[https://cryptodaily.co.uk/2021/10/CoinMarketCap-Data-Breach-Leaks-3-1-M-Email-Addresses CoinMarketCap Data Breach Leaks 3.1M Email Addresses - Crypto Daily™] (Jan 26) | <ref name="cryptodaily-6014">[https://cryptodaily.co.uk/2021/10/CoinMarketCap-Data-Breach-Leaks-3-1-M-Email-Addresses CoinMarketCap Data Breach Leaks 3.1M Email Addresses - Crypto Daily™] (Jan 26, 2022)</ref> | ||
[https://cryptopotato.com/report-over-3-million-email-addresses-of-coinmarketcap-users-leaked/ Report: Over 3 Million Email Addresses of CoinMarketCap Users Leaked] (Jan 26) | <ref name="cryptopotato-6015">[https://cryptopotato.com/report-over-3-million-email-addresses-of-coinmarketcap-users-leaked/ Report: Over 3 Million Email Addresses of CoinMarketCap Users Leaked] (Jan 26, 2022)</ref> | ||
[https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses CoinMarketCap hack reportedly leaks 3.1 million user email addresses] (Jan 26) | <ref name="cointelegraph-6016">[https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses CoinMarketCap hack reportedly leaks 3.1 million user email addresses] (Jan 26, 2022)</ref> | ||
[https://www.republicworld.com/technology-news/other-tech-news/data-of-over-3-million-coinmarketcap-users-leaked-questions-raised-on-storage-techniques.html Data of over 3 million CoinMarketCap users leaked, questions raised on storage techniques] (Jan 26) | <ref name="republicworld-6017">[https://www.republicworld.com/technology-news/other-tech-news/data-of-over-3-million-coinmarketcap-users-leaked-questions-raised-on-storage-techniques.html Data of over 3 million CoinMarketCap users leaked, questions raised on storage techniques] (Jan 26, 2022)</ref> | ||
[https://twitter.com/CoinMarketCap/status/1451813671961833473 @CoinMarketCap Twitter] (Jan 26) | <ref name="coinmarketcaptwitter-6018">[https://twitter.com/CoinMarketCap/status/1451813671961833473 @CoinMarketCap Twitter] (Jan 26, 2022)</ref> | ||
[https://decrypt.co/84242/3-million-coinmarketcap-emails-surface-online-but-no-trace-of-security-breach 3 Million CoinMarketCap Emails Surface Online But ‘No Trace’ of Security Breach - Decrypt] (Jan 26) | <ref name="decrypt-6019">[https://decrypt.co/84242/3-million-coinmarketcap-emails-surface-online-but-no-trace-of-security-breach 3 Million CoinMarketCap Emails Surface Online But ‘No Trace’ of Security Breach - Decrypt] (Jan 26, 2022)</ref> | ||
[https://twitter.com/coinbureau/status/1451877702563139589 @coinbureau Twitter] (Jan 26) | <ref name="coinbureautwitter-6020">[https://twitter.com/coinbureau/status/1451877702563139589 @coinbureau Twitter] (Jan 26, 2022)</ref> | ||
[https://ca.finance.yahoo.com/news/over-3-million-coinmarketcap-email-012917781.html Over 3 Million CoinMarketCap Email Addresses Leaked to Dark Web: Report] (Jan 26) | <ref name="yahoofinance-6021">[https://ca.finance.yahoo.com/news/over-3-million-coinmarketcap-email-012917781.html Over 3 Million CoinMarketCap Email Addresses Leaked to Dark Web: Report] (Jan 26, 2022)</ref> | ||
[https://twitter.com/Rajeshsapkal19/status/1451654994864730112 @Rajeshsapkal19 Twitter] (Jan 26) | <ref name="rajeshsapkal19twitter-6022">[https://twitter.com/Rajeshsapkal19/status/1451654994864730112 @Rajeshsapkal19 Twitter] (Jan 26, 2022)</ref> | ||
[https://twitter.com/itsTomasina/status/1452537311443312644 @itsTomasina Twitter] (Jan 26) | <ref name="itstomasinatwitter-6023">[https://twitter.com/itsTomasina/status/1452537311443312644 @itsTomasina Twitter] (Jan 26, 2022)</ref> | ||
[https://twitter.com/facted_net/status/1451821349501087750 @facted_net Twitter] (Jan 26) | <ref name="factednettwitter-6024">[https://twitter.com/facted_net/status/1451821349501087750 @facted_net Twitter] (Jan 26, 2022)</ref> | ||
[https://gadgets.ndtv.com/cryptocurrency/news/coinmarketcap-data-breach-over-three-million-users-hack-crypto-tracker-leak-2587094 Data of Over Three Million CoinMarketCap Users Breached, Crypto-Tracker Acknowledges | Technology News] (Jan 26) | <ref name="ndtvgadgets-6025">[https://gadgets.ndtv.com/cryptocurrency/news/coinmarketcap-data-breach-over-three-million-users-hack-crypto-tracker-leak-2587094 Data of Over Three Million CoinMarketCap Users Breached, Crypto-Tracker Acknowledges | Technology News] (Jan 26, 2022)</ref> | ||
[https://www.coindesk.com/business/2021/10/25/over-3-million-coinmarketcap-email-addresses-leaked-to-dark-web/ Over 3 Million CoinMarketCap Email Addresses Leaked to Dark Web: Report] (Jan 26) | <ref name="coindesk-6026">[https://www.coindesk.com/business/2021/10/25/over-3-million-coinmarketcap-email-addresses-leaked-to-dark-web/ Over 3 Million CoinMarketCap Email Addresses Leaked to Dark Web: Report] (Jan 26, 2022)</ref> | ||
[https://news.trendmicro.com/2021/10/27/coinmarketcap-hack-3-1-million-users-data-leaked/ https://news.trendmicro.com/2021/10/27/coinmarketcap-hack-3-1-million-users-data-leaked/] (Jan 26) | <ref name="trendmicronews-6027">[https://news.trendmicro.com/2021/10/27/coinmarketcap-hack-3-1-million-users-data-leaked/ https://news.trendmicro.com/2021/10/27/coinmarketcap-hack-3-1-million-users-data-leaked/] (Jan 26, 2022)</ref> | ||
[https://haveibeenpwned.com/ https://haveibeenpwned.com/] (Jan 26) | <ref name="haveibeenpwned-6028">[https://haveibeenpwned.com/ https://haveibeenpwned.com/] (Jan 26, 2022)</ref></references> | ||
Latest revision as of 12:04, 4 May 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
A list of 3.1M email addresses, with strong correlation to users registered on CoinMarketCap, was found online. CoinMarketCap claims that the list must have come from an alternate source, and they were unable to find a breach on their servers. However, no complete alternative hypothesis has been brought forth. No passwords or other data were included on the list.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21]
About CoinMarketCap
"CoinMarketCap is a website that tracks the price movement of cryptocurrency. Binance Capital Management, which runs cryptocurrency exchanges, acquired CoinMarketCap in April 2020." "A recent report by statistics firm HypeStat claimed that every day more than 20 lakh 70 thousand people from countries like the US, India and Japan visit the platform to price-track and stay updated on cryptocurrencies."
"Have I Been Pwned is a website that tracks hacks and compromised accounts online."
"On October 12, 2021 CoinMarketCap customer database was breached resulting the leak of 3.1M user email addresses. As with previous such leak, expect to see an increase in cryptocurrency related phishing attacks." "Data from more than 3 million users of CoinMarketCap (CMC) was leaked in early October, crypto tracker confirmed."
"CryptoPotato reported earlier this week that the registered email IDs of 3,117,548 CMC users were illegally extracted and uploaded to hacking platforms by cybercriminals on October 12. These email ids are now being traded on the dark web."
"“CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base.”"
"New breach: 3.1M email addresses from CoinMarketCap were found being traded this month. CMC have advised there is "a correlation with our subscriber base", but are yet to identify the source of the data. 99% were already in @haveibeenpwned https://haveibeenpwned.com"
"CoinMarketCap, however, did not say if the email list correlates 100% with accounts on its platform." “We have not found any evidence of a data leak from our own servers,” CoinMarketCap noted, adding that it will provide future updates."
A CryptoPotato report quoted a person associated with the CMC as saying, “The data lists we have seen are only email IDs and do not contain any passwords. We are connected with our subscriber base. We haven’t found any evidence of data leaks from our own servers. We are actively investigating this issue and will update our subscribers as soon as we have new information”. (The identity of the individual has not been disclosed.) "[T]he way in which the data was leaked is still unknown."
"You may have seen some information online about CoinMarketCap emails — we want to assure our users that there has been no leak from our own servers. We urge everyone adopt good cybersecurity habits, and to have unique passwords on every site they use."
"We believe that a bad actor (or actors) took a list of leaked emails (this list that claims to be from CoinMarketCap) and compared it with other batches of leaked data," the company says. "This is how the list of emails that claims to be from CoinMarketCap looks real -- it’s because it’s a 'cleaned' email dataset from the Dark Web that has occurred in previous leaked email sets totally unrelated to CoinMarketCap."
"Following the report, a lot of Coin Market Users who use the platform to monitor their investments are reporting on social media platforms about security alerts. The users claim that they have been getting security alerts for a few days, which seems to coincide with the security breach and data leak."
"Regardless of where the list originates, having an accurate, long list of people who are interested in cryptocurrency is very useful for attackers for phishing attempts. Given that this data appears to have been circulating for at least two months, that's likely already been occurring."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| October 12th, 2021 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
No funds were lost.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
Using separate email addresses for each registration can limit the potential impacts of any data breach, and enable accurate knowledge of what was breached. Always pay special care to the source of email messages, and never interact directly with an email message. Instead, go to the official website of the service to confirm any actions needed.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ No Title (Jan 10, 2022)
- ↑ CoinMarketCap: No Breach Despite 3.1M Email Address Leak (Jan 25, 2022)
- ↑ https://coinmarketcap.com/alexandria/article/good-security-habits (Jan 26, 2022)
- ↑ Data of more than 3 million users of CoinMarketCap leaked! (Jan 26, 2022)
- ↑ @haveibeenpwned Twitter (Jan 26, 2022)
- ↑ 3 Million CoinMarketCap Email Addresses Have Leaked - Crypto Briefing (Jan 26, 2022)
- ↑ CoinMarketCap Data Breach Leaks 3.1M Email Addresses - Crypto Daily™ (Jan 26, 2022)
- ↑ Report: Over 3 Million Email Addresses of CoinMarketCap Users Leaked (Jan 26, 2022)
- ↑ CoinMarketCap hack reportedly leaks 3.1 million user email addresses (Jan 26, 2022)
- ↑ Data of over 3 million CoinMarketCap users leaked, questions raised on storage techniques (Jan 26, 2022)
- ↑ @CoinMarketCap Twitter (Jan 26, 2022)
- ↑ 3 Million CoinMarketCap Emails Surface Online But ‘No Trace’ of Security Breach - Decrypt (Jan 26, 2022)
- ↑ @coinbureau Twitter (Jan 26, 2022)
- ↑ Over 3 Million CoinMarketCap Email Addresses Leaked to Dark Web: Report (Jan 26, 2022)
- ↑ @Rajeshsapkal19 Twitter (Jan 26, 2022)
- ↑ @itsTomasina Twitter (Jan 26, 2022)
- ↑ @facted_net Twitter (Jan 26, 2022)
- ↑ Data of Over Three Million CoinMarketCap Users Breached, Crypto-Tracker Acknowledges | Technology News (Jan 26, 2022)
- ↑ Over 3 Million CoinMarketCap Email Addresses Leaked to Dark Web: Report (Jan 26, 2022)
- ↑ https://news.trendmicro.com/2021/10/27/coinmarketcap-hack-3-1-million-users-data-leaked/ (Jan 26, 2022)
- ↑ https://haveibeenpwned.com/ (Jan 26, 2022)