Coinhouse Phishing Attack: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
No edit summary
No edit summary
 
Line 6: Line 6:
In response, the exchange notified all customers on Twitter, placed the platform into maintenance mode, and enforced all customers to change passwords when the platform was relaunched.
In response, the exchange notified all customers on Twitter, placed the platform into maintenance mode, and enforced all customers to change passwords when the platform was relaunched.


This exchange or platform is based in France, or the incident targeted people primarily in France.
This exchange or platform is based in France, or the incident targeted people primarily in France.<ref name="slowmisthacked-1160" /><ref name="coinhouse-4357" /><ref name="cryptoglobe-4358" /><ref name="coinhousehqtwitter-4359" /><ref name="coinhousehqtwitter-4360" /><ref name="coinhousesupport-4361" /><ref name="coingape-4362" /><ref name="blockingdotnet-4363" /><ref name="bitrss-4364" /><ref name="coinhouse-4365" />
<ref name="slowmisthacked-1160" /><ref name="coinhouse-4357" /><ref name="cryptoglobe-4358" /><ref name="coinhousehqtwitter-4359" /><ref name="coinhousehqtwitter-4360" /><ref name="coinhousesupport-4361" /><ref name="coingape-4362" /><ref name="blockingdotnet-4363" /><ref name="bitrss-4364" /><ref name="coinhouse-4365" />


== About Coinhouse ==
== About Coinhouse ==
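Review bot: On the "based in France" line, the new revision attaches all ten <ref> tags to that single sentence, while the sentence just above it (Twitter notice, maintenance mode, forced password change) still carries no citation. Place each reference next to the statement it actually supports; going by their names, the two coinhousehqtwitter references are likely candidates for the response sentence.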
Line 77: Line 76:
!Description
!Description
|-
|-
|September 14th, 2019 12:00:00 AM
|September 14th, 2019
|Main Event
|Main Event
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
Line 85: Line 84:
|
|
|}
|}
== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?


== Total Amount Lost ==
== Total Amount Lost ==
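Review bot: The timeline row still has the template prompt "Expand this into a brief description of what happened and the impact" as its Description on both sides of the diff, and the newly added Technical Details section likewise holds only the template question. Replace both with incident-specific text, or hold the section back until there is analysis to put in it. Dropping "12:00:00 AM" from the date is reasonable, since a midnight timestamp reads as a default value rather than a recorded time.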
Line 104: Line 106:
== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
What parts of this case are still remaining to be concluded?
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
{{Prevention:Individuals:End}}
== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:End}}
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}


== Prevention Policies ==
{{Prevention:Regulators:End}}
Which policies could have prevented this event from happening?


== References ==
== References ==
<references><ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 25, 2021)</ref>
<references><ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 26, 2021)</ref>


<ref name="coinhouse-4357">[https://www.coinhouse.com/ Buy Bitcoin, Ethereum and other cryptocurrencies | Coinhouse] (Dec 7, 2021)</ref>
<ref name="coinhouse-4357">[https://www.coinhouse.com/ Buy Bitcoin, Ethereum and other cryptocurrencies | Coinhouse] (Dec 8, 2021)</ref>


<ref name="cryptoglobe-4358">[https://www.cryptoglobe.com/latest/2019/09/french-crypto-exchange-coinhouse-suffers-phishing-attack-user-names-and-emails-compromised/ French Crypto Exchange Coinhouse Suffers Phishing Attack, User Names and Emails Accessed | Cryptoglobe] (Dec 11, 2021)</ref>
<ref name="cryptoglobe-4358">[https://www.cryptoglobe.com/latest/2019/09/french-crypto-exchange-coinhouse-suffers-phishing-attack-user-names-and-emails-compromised/ French Crypto Exchange Coinhouse Suffers Phishing Attack, User Names and Emails Accessed | Cryptoglobe] (Dec 12, 2021)</ref>


<ref name="coinhousehqtwitter-4359">[https://twitter.com/CoinhouseHQ/status/1172201752751411200 @CoinhouseHQ Twitter] (Dec 11, 2021)</ref>
<ref name="coinhousehqtwitter-4359">[https://twitter.com/CoinhouseHQ/status/1172201752751411200 @CoinhouseHQ Twitter] (Dec 12, 2021)</ref>


<ref name="coinhousehqtwitter-4360">[https://twitter.com/CoinhouseHQ/status/1172261563581042690 @CoinhouseHQ Twitter] (Dec 11, 2021)</ref>
<ref name="coinhousehqtwitter-4360">[https://twitter.com/CoinhouseHQ/status/1172261563581042690 @CoinhouseHQ Twitter] (Dec 12, 2021)</ref>


<ref name="coinhousesupport-4361">[https://support.coinhouse.com/hc/en-gb/articles/360002699094-Extreme-caution-and-vigilance-against-scams https://support.coinhouse.com/hc/en-gb/articles/360002699094-Extreme-caution-and-vigilance-against-scams] (Dec 11, 2021)</ref>
<ref name="coinhousesupport-4361">[https://support.coinhouse.com/hc/en-gb/articles/360002699094-Extreme-caution-and-vigilance-against-scams https://support.coinhouse.com/hc/en-gb/articles/360002699094-Extreme-caution-and-vigilance-against-scams] (Dec 12, 2021)</ref>


<ref name="coingape-4362">[https://coingape.com/french-exchange-become-victim-phishing-attack/ This French Exchange Has Become a Victim of Phishing Attack] (Dec 11, 2021)</ref>
<ref name="coingape-4362">[https://coingape.com/french-exchange-become-victim-phishing-attack/ This French Exchange Has Become a Victim of Phishing Attack] (Dec 12, 2021)</ref>


<ref name="blockingdotnet-4363">[https://blocking.net/16307/the-french-exchange-coinhouse-has-been-attacked-by-hackers-and-has-switched-to-maintenance-mode-to-protect-user-funds/ The French exchange Coinhouse has been attacked by hackers and has switched to maintenance mode to protect user funds. Blockchain Network] (Dec 11, 2021)</ref>
<ref name="blockingdotnet-4363">[https://blocking.net/16307/the-french-exchange-coinhouse-has-been-attacked-by-hackers-and-has-switched-to-maintenance-mode-to-protect-user-funds/ The French exchange Coinhouse has been attacked by hackers and has switched to maintenance mode to protect user funds. Blockchain Network] (Dec 12, 2021)</ref>


<ref name="bitrss-4364">[https://bitrss.com/news/144376/this-french-exchange-has-become-a-victim-of-phishing-attack This French Exchange Has Become a Victim of Phishing Attack] (Dec 11, 2021)</ref>
<ref name="bitrss-4364">[https://bitrss.com/news/144376/this-french-exchange-has-become-a-victim-of-phishing-attack This French Exchange Has Become a Victim of Phishing Attack] (Dec 12, 2021)</ref>


<ref name="coinhouse-4365">[https://www.coinhouse.com/discover-us/ Discover the history of Coinhouse and its values | Coinhouse] (Dec 12, 2021)</ref></references>
<ref name="coinhouse-4365">[https://www.coinhouse.com/discover-us/ Discover the history of Coinhouse and its values | Coinhouse] (Dec 12, 2021)</ref></references>
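Review bot: Nine of the ten references have their retrieval date moved forward by one day (for example Dec 11, 2021 to Dec 12, 2021) with no change to URL or title, so the diff does not show whether the links were re-checked. State the reason for the date shift or keep the original dates. The three Prevention sections that replace "== Prevention Policies ==" contain only Placeholder templates, so the page loses the prompting question without gaining any policy content.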

Latest revision as of 13:26, 1 May 2023

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Coinhouse

Coinhouse, a prominent cryptocurrency exchange in France, failed to secure its newsletter database, which fell into the hands of phishers. The phishers asked all customers to enter their personal information on a phishing website. The requests were highly convincing because they addressed customers by name and redirected them to a similar domain name (replacing the i with an L); however, the content contained multiple typos.

In response, the exchange notified all customers on Twitter, placed the platform into maintenance mode, and required all customers to change their passwords when the platform was relaunched.

This exchange or platform is based in France, or the incident targeted people primarily in France.[1][2][3][4][5][6][7][8][9][10]

About Coinhouse

"A pioneer in the industry since 2015, we are your partner to buy, hold and sell your bitcoins, ethereums and more than 30 cryptoassets." "Coinhouse is a French company which has been providing cryptocurrency management and transaction services since 2015. French authorities have recognized our seriousness and the quality of our compliance operations. Therefore, we are the first PSAN registered with the Autorité des Marchés Financiers." "At Coinhouse, our goal is to make cryptoassets accessible to everyone." "Your cryptocurrencies are kept safe with our top of the line stocking solution."

"The Coinhouse adventure began in 2015. Founded by Eric Larchevêque and Thomas France, it was first known as ”La Maison du Bitcoin”. The concept was to offer a physical space in the heart of Paris, bringing together the French community passionate about blockchain and cryptoactives to share and exchange between them. In a very immediate way, it is possible to buy and sell cryptoactives by visiting the website. An online platform was also launched, initially offering the purchase and sale of Bitcoin and Ethereum."

"In 2018, La Maison du Bitcoin became independent from Ledger. A new team led by Nicolas Louvet implemented a development strategy focusing on simple and fast online services, as well as Premium services for customers who want to be accompanied in their investments. La Maison du Bitcoin then became Coinhouse. At the end of 2018, Coinhouse Custody Services (CCS), a sister company, is created to offer a secure custody service for crypto-currencies for both Coinhouse and CCS clients."

"In 2021, Coinhouse is accelerating its development and targeting a European clientele. Now 100% online, its platform offers an intuitive interface and simple and innovative services to enable even the most novice investors to invest in the innovative cryptoasset sector. Coinhouse is also the reference partner for companies. It became the first company to obtain the status of Service Provider on Digital Assets (PSAN) from the AMF, which recognises the seriousness and quality of its operations."

"According to tweets published to the official Coinhouse account, hackers managed to gain access to the client database containing names and email addresses. The hackers then used this information to begin phishing attacks against users, leading Coinhouse to advise its customers not to click or respond to emails about the exchange."

"French cryptocurrency exchange Coinhouse says that it underwent a phishing attack, during which hackers gained access to its client mail distribution database."

"Coinhouse says they responded to the hack by immediately switching the platform to a maintenance mode, thereby preventing the hackers from gaining access to user funds. The exchange claims they were able to contain the hack and promptly sent an email to their customer base explaining how to avoid the phishing attack."

"However, the exchange acknowledged that users may have already been affected by the hack. They recommended any clients who gave credentials to the scam email to change their identifiers on other websites in order to prevent any further loss."

"In addition, Coinhouse says they will require all users to change their password when the exchange comes back online."

"We are currently undergoing a phishing attack attempt to recover the credentials of our customers. If you are a Coinhouse customer and you have received an email asking to verify your data, do not click. It's not about us."

"It was our newsletter distribution base that was attacked, not our platform. This is how they were able to send this email with your first name. If you did not click on the email button, your credentials were not leaked."

"Yes that's it! Warning! It plays on the site address where the i of coinhouse is replaced by an L."

"The attack targeted our email distribution base. The hackers had temporary access to this database which contains first names, names and emails. They used it to try to redirect to their bogus site."

"We immediately put our platform into maintenance to prevent any fraudulent attempt to withdraw funds. At the same time, we quickly stopped the attack and then sent an email back to our customer base explaining the procedure to follow."

"If some of our customers have given their identifiers on this fake site, we advise them to check if they use the same identifiers for other sites. If this is the case, they must change their identifiers on these sites as a precaution."

"Regarding our platform: when it comes back online, all our customers will be asked to enter a new password."

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Coinhouse Phishing Attack

Date | Event | Description
September 14th, 2019 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
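
The lookalike domain reported in this case (the i of coinhouse replaced by an L) is the kind of link a mail filter can flag before a customer clicks. The following Python code is an added example, not code from Coinhouse or from this repository; the hostname colnhouse.com, the sample email and all function names are constructed for illustration, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit

# Characters easily mistaken for one another, folded to one representative.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})
MULTI = (("rn", "m"), ("vv", "w"))
LEGIT = {"coinhouse.com"}  # allow-list of the brand's real registrable domains

def skeleton(label):
    """Fold confusable characters so 'colnhouse' and 'coinhouse' collide."""
    s = label.lower().translate(CONFUSABLE)
    for seq, repl in MULTI:
        s = s.replace(seq, repl)
    return s

def edit_distance(a, b):
    """Levenshtein distance; catches one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Assumption: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for one link."""
    domain = registrable(urlsplit(url).hostname or "")
    if domain in LEGIT:
        return "legitimate"
    name = domain.split(".")[0]
    for good in LEGIT:
        brand = good.split(".")[0]
        if skeleton(name) == skeleton(brand) or edit_distance(name, brand) <= 1:
            return "lookalike"
    return "unrelated"

def flag_links(body):
    """Extract links from an email body and keep only the lookalikes."""
    return [u for u in re.findall(r"https?://[^\s<>]+", body) if classify(u) == "lookalike"]

# Constructed sample email; the phishing hostname is inferred from the description above.
SAMPLE_EMAIL = """Hello Marie, please verify your data:
https://www.colnhouse.com/verify?id=123
Help centre: https://support.coinhouse.com/hc/en-gb
Unsubscribe: https://mailer.example.net/u/123"""
```

The same check applies to newly registered domains seen in DNS or certificate-transparency feeds, not only to links in inbound mail.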

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References