Disclosure
Cryptocurrency trading is speculative and your capital is at risk when you trade. We may earn affiliate commissions from some of the products on this page - at no extra cost to you.
CoinGecko Responds to Email Platform Breach with Security Enhancements

Highlights:

  • CoinGecko’s third-party email service, GetResponse, suffered a breach, affecting 1.9 million contacts.
  • The breach resulted from a compromised GetResponse employee account; no CoinGecko passwords were compromised.
  • CoinGecko has notified affected users and strengthened security measures with GetResponse.

CoinGecko, a leading independent cryptocurrency data aggregator, experienced a security incident involving its third-party email platform, GetResponse. This breach resulted from unauthorized access to a GetResponse employee’s account. 

Despite the significant scale of the breach, which compromised personal details such as names, email addresses, and IP locations of approximately 1.9 million users, no CoinGecko user passwords were affected.

Immediate Detection and Response

The anomaly was detected early on June 5, when unusual activity on the GetResponse platform raised alarms. CoinGecko’s security team swiftly coordinated with GetResponse and confirmed the breach by the following day. 

The quick response prevented the misuse of CoinGecko’s domain for phishing attempts, although the attacker managed to send over 23,000 phishing emails from another client’s account.

Security Measures and User Notification

Following the breach, CoinGecko immediately secured user data and prevented future incidents. This included an extensive audit of their security systems and implementing enhanced security measures in collaboration with GetResponse. Affected users were promptly notified about the breach and advised on protective measures to guard against potential phishing scams.

CoinGecko urges all users to remain vigilant, particularly concerning email communications. Users should be wary of emails from unfamiliar sources and avoid clicking links or downloading attachments from unsolicited emails. Users should exercise special caution against emails that claim to offer token airdrops, a common tactic attackers use following a breach.

Furthermore, CoinGecko has reassured users that it does not issue tokens or coins and that malicious actors make any such offers unequivocally. The company’s commitment to user security remains steadfast, evidenced by its transparent communication and proactive measures post-incident.

Industry-Wide Concerns

This breach is part of a larger pattern targeting cryptocurrency firms, highlighted by recent disclosures from other industry players. The incident underscores the need for enhanced security protocols across third-party services, which have become a common vector for cyber-attacks.

Recently, several Binance users have reported significant losses due to account hacks. These incidents involved a malicious Google plugin facilitating unauthorized access by capturing user cookies. Hackers exploited these cookies to bypass both two-factor authentication (2FA) and password verifications. This breach has highlighted potential vulnerabilities within Binance’s security protocols. 

The cryptocurrency community has expressed concerns over the platform’s response to these security breaches. Criticisms focus on the delayed reactions and the perceived inadequacy of the platform’s risk management measures. 

Binance is addressing security issues, urging users to exercise increased caution and closely monitor their accounts for unusual activities. These hacks highlight the risks associated with digital asset platforms and underscore the importance of implementing robust security measures.

Read More

Disclaimer: Cryptocurrency is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.

Binance Banner