Coinbase Targeted in Cyber Attack: Data Breach and Extortion Attempt

Coinbase, a leading global cryptocurrency exchange, has confirmed it was the victim of a recent cyber attack. The incident resulted in a data breach and a subsequent extortion attempt, highlighting the increasing sophistication of cybercriminals targeting the digital asset space.

The attack compromised sensitive employee information, including access credentials. While the breach was quickly contained, it underscores the vulnerabilities even major cryptocurrency platforms face.

According to an official statement from Coinbase, the attackers demanded $20 million in exchange for keeping the stolen data private. This tactic is a hallmark of double extortion schemes, which are becoming increasingly prevalent in the digital landscape.

Researchers at Check Point Research (CPR), the threat intelligence division of Check Point Software, recently analyzed the attack and emphasized that this type of incident is not isolated.

“This case demonstrates that even the largest crypto platforms, with robust security structures, are vulnerable to well-coordinated attacks,” says Eli Smadja, Research Group Manager at Check Point Software. “We are facing a new era of organized cybercrime, with highly professional structures, service-based business models, and international affiliate networks.”

The Resurgence of Inferno Drainer: A Growing Threat

The Check Point Research (CPR) team has identified the return of Inferno Drainer, a stealthy Drainer-as-a-Service (DaaS) scheme. In the past six months, it has drained over $9 million in digital assets from more than 30,000 wallets.

This illicit model allows affiliates to rent complete attack kits, including phishing pages, automated scripts, and technical support, to execute large-scale fraud. The new version of Inferno Drainer employs advanced techniques, such as:

• Encrypted C&C (Command and Control) configuration stored on the blockchain, specifically the Binance Smart Chain.
• Disposable smart contracts that self-destruct after a transaction, making detection and blocking difficult.
• Secure proxies and OAuth2-based evasion techniques that bypass browsers, wallets, and detection mechanisms.
• Multi-layered AES encryption and strong obfuscation, hindering analysis by security experts.
• The modus operandi often involves fake verifications on platforms like Discord, imitation of bots like Collab[.]Land, and simulation of legitimate interfaces to trick users into authorizing malicious transactions.

Why Should This Type of Attack Concern Everyone?

While high-profile cases target large platforms like Coinbase, cybercriminals also target individual investors, users of decentralized applications, and anyone who frequently uses digital wallets.

Check Point Software also warns of an increase in attempts to emotionally manipulate users through fraudulent messages that mimic promotions, airdrops, security updates, or urgent verification requests.

“We are witnessing the fusion of classic social engineering and highly evasive technological tools. The result is fraud that accurately replicates the legitimate communication channels of crypto brands and trading platforms,” highlights Muhammad Yahya Patel, Security Engineering Lead at Check Point Software.

How to Protect Yourself in This New Landscape

• Avoid clicking on links received via email, SMS, or social media, even if they appear to come from well-known brands. Always access the official website directly through your browser.
• Use temporary wallets to interact with new or unfamiliar platforms.
• Carefully verify each transaction request: if you do not understand what you are authorizing, do not sign.
• Be wary of promotions or urgent offers – these are common tactics to deceive users and compromise wallets.
• Use cybersecurity solutions with real-time threat intelligence (such as Check Point Harmony Browse and Check Point Quantum Gateway).