The attackers send approximately 24,000 phishing emails derived from the compromised CoinGecko third-party email platform.
Cryptocurrency data collection company CoinGecko experienced a data breach on June 5 through GetResponse, a third-party email marketing platform.
The attackers exported nearly 2 million contacts from CoinGecko’s GetResponse accounts after compromising the accounts of GetResponse employees, CoinGecko explained in a statement. Malicious actors then sent 23,723 phishing emails from other GetResponse client accounts. No malicious emails were sent from CoinGecko’s domain.
Although CoinGecko user accounts and passwords were kept secure, the incident resulted in data leaks including usernames, emails, IP addresses, and locations where emails were opened.
“We are actively investigating this situation and notifying all affected users through GetResponse,” CoinGecko said in a statement. “We are also thoroughly reviewing our security procedures and will work with our suppliers to strengthen their security protocols.”
In the meantime, CoinGecko recommends that users pay attention to emails requesting airdrops and avoid clicking on links or downloading attachments in unsolicited emails, as well as other security practices.
Earlier this year, hackers compromised CoinGecko’s X account and promoted a suspicious airdrop for cryptocurrency GCKO, The Block previously reported.
The Block reached out to CoinGecko for comment on the June 5 data breach.
Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.
About the author
MK Manoylov has been a reporter for The Block since 2020, joining just before Bitcoin surpassed $20,000 for the first time. Since then, MK has written nearly 1,000 articles for publications covering all cryptocurrency-related news, preferring NFTs, metaverse, web3 games, fundraising, crime, hacking, and cryptocurrency ecosystem stories. MK holds a graduate degree from New York University’s Science, Health, and Environmental Reporting Program (SHERP) and has also covered health topics for WebMD and Insider. X You can follow MK at @MManoylov and on LinkedIn.