CoinMarketCap hack reportedly leaks 3.1 million user email addresses

Published at: Oct. 23, 2021

CoinMarketCap, a price-tracking website for cryptocurrencies, has reportedly fallen victim to a hack that leaked 3.1 million (3,117,548) user email addresses. 

The information came into light after the hacked email addresses were found to be traded and sold online on various hacking forums, and revealed by Have I Been Pwned, a website dedicated to tracking hacks and compromised online accounts.

CoinMarketCap, a subsidiary of Binance cryptocurrency exchange, confirmed that the list of leaked user accounts matched its userbase:

“CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses, we have found a correlation with our subscriber base.”

While confirming the correlation of the 3.1 million (3,117,548) user email addresses with its userbase on Oct. 12, the company has assured that the hackers did not gain access to any of the account passwords. “We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information,” CoinMarketCap spokesperson said.

Despite the confirmation, CoinMarketCap has yet to identify the exact cause of the hack. Responding to Cointelegraph's request for comment, CoinMarketCap said:

"As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites."

Related: Hackers exploit MFA flaw to steal from 6,000 Coinbase customers — Report

A recent hack on the Coinbase crypto exchange resulted in the compromise of 6,000 user accounts.

The attack was a result of exploiting the exchange’s multifactor authentication (MFA) system, which suggests that the hackers had access to the user’s email addresses. According to Coinbase, the attackers identified a vulnerability in the account recovery process:

“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”

While the value of stolen assets has yet to be revealed by Coinbase, the incident was complemented by thousands of formal complaints from the account holders against the company.

Tags
Related Posts
Bent Finance confirms pool exploit, advises investors to withdraw funds
Staking and farming platform Bent Finance joins the list to become the sixth crypto establishment to get hacked in December. The acknowledgment of the attack was followed by requesting investors to withdraw their pool funds and disabling the reward claims on the compromised platform. Bent Finance first realized the exploit on Monday at roughly 8:55 PM EST, a timeline when the company reported no loss of funds. However, the community suspected a rug-pull event when blockchain investigator PeckShield allegedly located the source of the hack transactions. We have located the hack tx, which interestingly is sent from the Bent Finance: …
Blockchain / Dec. 21, 2021
BlockFi confirms unauthorized access to client data hosted on Hubspot
New Jersey-based crypto financial institution BlockFi confirmed a data breach incident via one of its third-party vendors, Hubspot. BlockFi’s proactive warning about the breach aims to deter the intentions of bad actors in repurposing the user data for fraudulent activities. According to the announcement, the hackers gained access to BlockFi’s client data on Friday, Mar. 18, that were stored on Hubspot, a client relationship management platform: “Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.” As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and …
Blockchain / March 19, 2022
MetaMask issues scam alert as NameCheap hacker sends unauthorized emails
Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails. On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue." ⚠️MetaMask does not collect KYC info and will never email you about your account! Do not enter your Secret Recovery Phrase on a website EVER. If you got an email today from MetaMask or Namecheap or anyone …
Blockchain / Feb. 13, 2023
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022
NFT-delivered court orders an answer to blockchain-related litigation: Lawyers
Non-fungible tokens (NFTs) are becoming an increasingly popular solution to serving defendants in blockchain-based crimes that would otherwise be unreachable, according to crypto lawyers. The last year has seen an increase in litigation delivered over NFTs in cases where those accused of blockchain crime wereuncontactable through traditional methods of communication. In November 2022, the United States District Court for the Southern District of Florida granted a United States law firm The Crypto Lawyers its request for its client to serve a defendant via NFT. While the defendant's identity was unknown, the plaintiff accused the defendant of stealing cryptocurrency to the …
Adoption / Jan. 24, 2023