Coinhouse Exchange based in France recently became a victim of a phishing attack.
Fake E-Mails Sent to Coinhouse Customers
The hack was carried out via a phishing attack. The hacker attempted to gain the identities of the customers and get their mail database. He pretended to be an employee of the exchange and sent fake emails to all the users. Furthermore, he asked the users to identify themselves on a copy of the Coinhouse.com site.
The attack received huge backlash from the users who were livid over the exchange’s lack of security measures.
To bail the exchange out of this fiasco, the exchange has introduced a system of 2FA authentication.
The exchange has assured the users of their funds and even if they have entered their credentials on the site, they need not worry. Subsequently, withdrawals have been blocked for the next 48 hours, for security reasons. The company has promised to contact the affected users and guide them on procedures to resume activities normally on the platform. No funds were compromised on the account of the attack.
A Common Scenario
In February 2018, a criminal group, dubbed Coinhoarder, managed to amass a total of $50 million in cryptocurrencies since 2015 – including an amount of $2 million that was taken in less than a month during 2017.
The campaign was based on the simple premise of setting up fake websites mirroring the immensely popular online wallet website, Blockchain.info. The hackers then ensured a steady purchase of Google AdWords in order to infiltrate search results of users looking to access Blockchain.info and position their fake websites in a favorable spot.
With that being said, to prevent such fiascos, having 2FA authentication and not SMS authentication is mandatory. Also, the users should double-check the URL of the website before entering their credentials. Further, users should avoid using the same password on different sites and use a password manager instead to avoid falling into the trap of hackers.