/

CoinGecko Suffers Data Breach at Third-Party Email Vendor, Over 1.9 Million Users’ Contact Details Exposed

The breach, confirmed on June 5, allowed unauthorized access to over 1.9 million user contacts from CoinGecko's database due to a compromised employee account at GetResponse.

CoinGecko, a cryptocurrency data aggregator, has reported a security breach at its third-party email service provider, GetResponse.

This incident occurred shortly after news of a fresh round of cryptocurrency airdrop scams.

The breach, confirmed on June 5, allowed unauthorized access to over 1.9 million user contacts from CoinGecko’s database due to a compromised employee account at GetResponse.

CoinGecko relayed the specifics of this breach in a statement:

“An attacker had compromised a GetResponse employee’s account, leading to a breach.

“We received confirmation from the GetResponse team on 6 June 2024, at 11:58 AM UTC, that a data breach had occurred.”

The data accessed includes names, email addresses, IP addresses, locations where emails were opened, and other metadata like sign-up dates and subscription plans.

Importantly, CoinGecko confirmed that user accounts and passwords were not compromised.

In addition to the breach, the attackers exploited the situation by sending out 23,723 phishing emails. CoinGecko clarified the extent of this phishing campaign:

“The attacker exported 1,916,596 contacts from CoinGecko’s GetResponse account and sent phishing emails to 23,723 emails from another GetResponse client’s account (alj.associates).”

Phishing attacks often target sensitive information such as crypto wallet private keys.

Other sophisticated forms of phishing include address poisoning, where scammers coax users into sending funds to fraudulent addresses.

In response to these threats, experts advise heightened vigilance.

READ MORE: Robinhood Expands into Crypto with $200 Million Bitstamp Acquisition Amid SEC Scrutiny

Hakan Unal, a senior blockchain scientist at Cyvers, emphasized the importance of verifying the authenticity of suspicious emails and securing accounts with robust measures like two-factor authentication (2FA):

“The immediate concern is the risk posed to individuals who might receive these compromised emails.

“To stay safe, users should verify the authenticity of such emails and enable multifactor authentication on all crypto accounts.”

Recent trends in cryptocurrency-related hacks have shown a significant vulnerability due to private key leaks.

Merkle Science reported that over 55% of digital asset losses in 2023 were due to these leaks.

Mriganka Pattnaik, CEO of Merkle Science, noted the increasing risk:

“The biggest security concern right now is the rapid increase in losses due to private key leaks… hackers may be looking for easier targets that require less technical knowledge to exploit, such as stealing private keys.”

This breach highlights the ongoing challenges in securing digital assets and the importance of comprehensive security measures to protect sensitive user data and prevent unauthorized access.


To submit a crypto press release (PR), send an email to sales@cryptointelligence.co.uk.

No information published in Crypto Intelligence News constitutes financial advice; crypto investments are high-risk and speculative in nature.