
Hackers use Firefox ‘Zero-day’ bug to attack Coinbase employees


Web browser developer Mozilla announced that it has patched a vulnerability in its Firefox browser in response to a spear-phishing campaign targeting employees of cryptocurrency exchange Coinbase. The company has released the latest version of the Firefox browser and urged users to update their browsers.

The Coinbase security team and security researcher Samuel D. Gross from Google discovered a “Zero-day” vulnerability in the Mozilla Firefox browser, which can be used to launch a cyber-attack using JavaScript objects, ZDNet reported.

“The bug can be exploited for RCE [remote code execution] but would then need a separate sandbox escape in order to run code on an underlying operating system. However, most likely it can also be exploited for UXSS [universal cross-site scripting] which might be enough depending on the attacker’s goals,” Gross said in a statement.

The hackers attempted to phish Coinbase staff with emails containing links to malicious websites. If a link was clicked in the Firefox browser, malware could automatically download and run on the system, stealing browser passwords and other sensitive information, according to Coinbase.

“On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported zero-day, along with a separate zero-day Firefox sandbox escape, to target Coinbase employees,” said Philip Martin, a member of the Coinbase security team, which reported the attacks to Mozilla.

“We walked back the entire attack, recovered and reported the 0-day to Firefox, pulled apart the malware and [infrastructure] used in the attack, and are working with various organizations to continue burning down [the] attacker’s infrastructure and digging into the attacker involved,” Martin added.

Recently, the cryptocurrency exchange Bithumb once again made it to the headlines after discovering a cyber-attack. This is the third such incident for the South Korean exchange platform in the past three years.

In an official statement, Bithumb stated that on March 29, 2019, at around 10:15 pm, the company detected abnormal withdrawals of its cryptocurrencies from its hot wallets. It’s believed that attackers possibly made off with around three million EOS (worth $13.4 million) and 20 million Ripple coins (XRP) worth $6 million.

Bithumb stated that it secured all the cryptocurrency during the detection time and confirmed that the customers’ assets are safe under the protection of a cold wallet. Describing the incident as an “accident involving insiders”, Bithumb said “we are conducting intensive investigations with KISA, Cyber Police Agency and security companies. At the same time, we are working with major exchanges and foundations and expect to recover the loss of the cryptocurrency equivalent.”

This is the third cyber-attack the company has revealed in the past three years. The first hack happened in July 2017, when hackers stole $7 million in Bitcoin and Ethereum, while the second incident took place in June 2018, when hackers stole 35 billion won ($31 million). Bithumb released a list of 11 cryptocurrencies lost during the hack as well as the corresponding amounts.