According to Have I Been Pwned, a whopping 3.1 million email addresses associated with the price-tracking website CoinMarketCap were reportedly being traded on hacking forums.
Unfortunately, the incident only came to light after the leaked email addresses had already been found trading on several hacking forums. The hack was identified and revealed by Have I Been Pwned, a website that tracks hacking activities and compromised accounts online.
CoinMarketCap has now confirmed the hack, accepting that the leaked list of user accounts matches its user base:
“CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses, we have found a correlation with our subscriber base.”
The leak was confirmed on 12th October, but CoinMarketCap hasn’t yet identified what exactly caused the hack. CoinMarketCap, a subsidiary of the Binance cryptocurrency exchange, further reassured its users that, out of the 3.1 million (3,117,548) email addresses, the hackers weren’t able to gain access to any of the account passwords. The spokesperson for CoinMarketCap stated:
“We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information.”
Recently, the Coinbase crypto exchange fell victim to a malicious hack that compromised over 6,000 user accounts.
The attack manipulated Coinbase’s multi-factor authentication (MFA) system and hinted at already established access to the email addresses of the users. Coinbase confirmed that the hackers managed to exploit a weakness in the account recovery process:
“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”