CoinGecko Users Targeted by 23,000 Phishing Emails After Email Provider Breach

Cryptocurrency data aggregator CoinGecko has confirmed a data breach of its third-party email platform GetResponse, exposing over 23,000 users to phishing emails.

This came following yesterday’s reports of a new wave of crypto airdrop scams , suspected to affect CoinGecko.

On June 7th, CoinGecko released an announcement confirming that GetResponse suffered a data breach on June 5th. It allowed attackers to export the contact information of over 1.9 million users.

CoinGecko confirmed a compromised employee email as the cause of the data breach. They said:

“An attacker had compromised a GetResponse employee’s account, leading to a breach. We received confirmation from the GetResponse team on 6 June 2024, at 11:58 AM UTC, that a data breach had occurred.”

The compromised data includes users’ names, email addresses, IP addresses, and email open locations. Metadata such as sign-up dates and subscription plans were also exposed. CoinGecko user accounts and passwords remain secure and uncompromised.

CoinGecko Data Breach Affects Over 23,000 Users

Despite CoinGecko’s primary email domain remaining uncompromised, the attacker was still able to send 23,723 phishing emails. CoinGecko confirmed:

“The attacker exported 1,916,596 contacts from CoinGecko’s GetResponse account and sent phishing emails to 23,723 emails from another GetResponse client’s account (alj.associates).”

Phishing is a scam where attackers deceive people into revealing sensitive information, like crypto wallet private keys.

Other phishing attacks, known as address poisoning scams, aim to trick investors into willingly sending funds to a fraudulent address that looks similar to addresses they previously interacted with.

In response, CoinGecko provided steps on how users can protect themselves from potential scams . They encourage users to avoid unfamiliar or misleading domains, clicking on links, downloading attachments from unsolicited sources, and token airdrop offerings.

Crypto Scammers’ Tactics Are Evolving

Leaks of private keys and personal data have become the primary cause of cryptocurrency-related hacks. Exploiters now target these vulnerabilities, opting for easier targets rather than attempting to breach more complex protocols.

Over 55% of the hacked digital assets were lost to private key leaks during 2023, according to Merkle Science’s 2024 HackHub report .

This trend emerges amid rising use of scam tactics that leverage AI , ushering in a new era of cyber threats. These tactics include deepfake scams, state-sponsored attacks, and other sophisticated illicit activities.

Deepfake videos frequently exploit the likeness of influential figures to promote fraudulent investment schemes. They falsely imply that the project has legitimate or official backing, legitimizing it among potential victims.

Most recently, over 35 YouTube channels live-streamed the Space X launch using an AI-generated voice to impersonate Elon Musk.

The scheme exploited Musk’s likeness to instruct viewers to send Bitcoin or Ethereum to an address to get double back. They claimed “This is not a fake, this is a real giveaway. I personally guarantee it to you.”

There have also been instances of deepfake technology impersonating high-level executives during online meetings. This exploits the figure’s position to potentially authorize large transactions, impacting both the corporate and crypto sectors.