Major cryptocurrency exchanges Binance and Kraken have been hit by social engineering attacks similar to the one recently reported by Coinbase. However, unlike the latter, they managed to avoid leaking user data thanks to effective internal security systems, Bloomberg reports . Details of the Attack on Coinbase On May 15, the exchange Coinbase reported that cybercriminals bribed offshore support staff. Thus, the attackers gained access to users' personal data and account management records. According to the exchange's estimates, addressing the consequences of the incident and voluntary compensation payments to clients will cost Coinbase about $400 million. In addition, the company announced a $20 million reward for information that will help to convict the blackmailers. However, the exchange emphasized that user passwords, private keys, and funds were not directly compromised. Scheme of the Attack on Binance and Kraken It remains unclear whether the hackers who attacked Binance and Kraken were the same ones who successfully hacked Coinbase. According to Bloomberg, the attackers attempted to contact the support representatives of these exchanges via Telegram, requesting sensitive customer information such as account balances and home addresses. Fortunately for users, the artificial intelligence-based security systems of both exchanges recognized and blocked these social engineering attacks in time. Analysis and Conclusion This case shows how sophisticated the methods of cybercriminals targeting cryptocurrency exchanges are becoming. Instead of direct attacks on technical systems, they are increasingly using social engineering to try to manipulate company employees. Attacks on cryptocurrency exchanges are becoming more and more targeted, and now hackers are not only trying to breach defenses, but also looking for weak links among staff. Support staff who work remotely and are not always properly trained in information security are especially vulnerable
