CoinGecko has issued a warning to its users to be vigilant when opening emails after a security breach occurred via its third-party email platform.
Passwords are safe
Earlier last week, CoinGecko identified unusual activity on its email marketing platform, GetResponse, and the cryptocurrency data aggregator later confirmed that an attacker had used a GetResponse employee’s login credentials, likely with social engineering to access customers’ accounts.
This breach exposed user information, including names, email addresses, IP addresses, email opening locations, and metadata such as account sign-up dates and subscription plans.
CoinGecko reassured users that their accounts remain secure and passwords weren’t compromised.
Emails and data
The attacker managed to export nearly 2 million contacts from CoinGecko’s GetResponse account and used another GetResponse user’s account to send phishing emails to more, than 23,000 contacts.
Phishing, a method commonly used by fraudsters to obtain victims’ login credentials and hijack their accounts, remains a significant threat in the crypto sphere.
It’s essential for users to maintain a high level of skepticism, double-check the identity of the sender, and be aware of signs of fake websites to avoid falling victim to such scams.
CoinGecko has coordinated with GetResponse to halt further email deliveries but cautions users that they may still experience an increase in phishing or spam emails.
The challenge here is that these phishing emails appear to come from a credible source, making them seem legitimate at first glance.
No CoinGecko token
CoinGecko emphasized that any email claiming to offer token airdrops by CoinGecko or GeckoTerminal is unauthorized and sent by the attacker, as the company clarified that it doesn’t have any officially issued tokens.
CoinGecko is actively investigating the breach with GetResponse, informing affected users, and reviewing its security protocols to help prevent future incidents.
This breach highlights the threat of phishing attacks in the cryptocurrency space, where even a seemingly secure platform can be compromised through third-party vulnerabilities, or like now, after human interference.
Users are advised to stay alert and verify the authenticity of any unexpected communications related to their cryptocurrency accounts.
Have you read it yet? The tokenization of a Stradivarius violin
Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.