CoinGecko, a cryptocurrency data aggregator, has confirmed that its third-party email management platform GetResponse experienced a data breach. After reports emerged about new crypto airdrop scams, CoinGecko revealed that on June 5, GetResponse fell victim to a breach that allowed hackers to access the contact details of more than 1.9 million CoinGecko users.
The breach was a result of a compromised employee account, as stated in CoinGecko’s announcement on June 7. The compromised data includes user names, email addresses, IP addresses, email open locations, and other metadata like sign-up dates and subscription plans. However, user account information and passwords on CoinGecko remain safe and untouched.
Although CoinGecko’s primary email domain was not compromised, the attacker still managed to send 23,723 phishing emails. Phishing attacks are attempts to steal sensitive information such as crypto wallet private keys. Address poisoning scams, another form of phishing, deceive investors into sending funds to fraudulent addresses that resemble ones they have previously interacted with.
Hakan Unal, a senior blockchain scientist at Cyvers, a firm specializing in on-chain security, advises users to verify the authenticity of emails and enable two-factor authentication (2FA) on crypto platforms to protect themselves from phishing attacks.
Private key and data leaks are identified as the primary cause behind cryptocurrency hacks. Instead of targeting complex protocols, exploiters are focusing on the easiest targets. According to Merkle Science’s 2024 HackHub report, over 55% of hacked digital assets in 2023 were lost due to private key leaks.
Mriganka Pattnaik, the co-founder and CEO of Merkle Science, emphasizes that private key leaks remain the most significant vulnerability in the crypto space.