CoinMarketCap, the price-tracking site for cryptos, has allegedly fallen victim to a hack that leaked up to 3.1 million (3,117,548) user email addresses.
The information was discovered after the hacked email addresses were discovered to be traded and sold online on different hacking forums. It was then revealed by Have I Been Pwned, a website that is fully dedicated to tracking hacks and compromised online accounts.
Over 3.1 million email addresses that are linked to CoinMarketCap accounts were traded on these hacking platforms. CoinMarketCap is a subsidiary of the Binance crypto exchange. It confirmed that the list of leaked user accounts matched the records in its user database:
“CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses, we have found a correlation with our subscriber base.”
While confirming the correlation of the 3.1 million user email addresses with its userbase on October 12, the firm has assured that hackers did not gain access to any of the account passwords. CoinMarketCap spokesperson said:
Buy Crypto Now
“We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information.”
Despite that confirmation, CoinMarketCap is yet to determine the real cause of that hack. CoinMarketCap said:
“As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.”
Coinbase Also Hacked Like CoinMarketCap
A recent hack on the Coinbase crypto exchange compromised over 6,000 user accounts. This attack was due to the exploitation of the exchange’s multifactor authentication (MFA) system. This means that the hackers had access to the user’s email addresses. Based on Coinbase, the attackers identified a vulnerability that existed in the account recovery process:
“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”
While the total value of the stolen assets is yet to be revealed by Coinbase, that incident was complimented by many formal complaints from the account holders against the exchange.