Recent Firefox Zero-Day Flaw Was Used in Attacks Against Coinbase’s Employees

Published at: June 20, 2019

The recent Firefox’s zero-day security flaw was used in attacks against major crypto exchange and wallet service Coinbase, according to a tweet from Coinbase security researcher Philip Martin posted on June 20.

As Martin found, the reported critical zero-day vulnerability in Mozilla’s Firefox web browser, which was announced on June 18, has actually emerged along with another zero-day flaw that targeted Coinbase employees, meaning that there were two separate Firefox zero-day attacks.

The Coinbase security expert tweeted:

“On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.”

Martin continued that Coinbase was not the only crypto-related company targeted in the campaign, adding that the firm is working to report other businesses that they believe were also targeted. He emphasized that the company’s security team has seen “no evidence” that the exploit targeted Coinbase customers.

Coinbase Security first reported on the security flaw along with Samuel Groß, security researcher with Google Project Zero’s security team, who argued that he first reported the bug to Mozilla on April 15, 2019.

Following these reports, Mozilla released security updates for its browser, admitting that the company is “aware of targeted attacks in the wild abusing this flaw.”

Specifically, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to fix the reported zero-day flaw tracked as CVE-2019-11707, describing it as a “confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.”

Recently, crypto enthusiast John McAfee's crypto trading platform suffered a denial of service (DOS) attack by hackers immediately after its launch.

Tags
Related Posts
Bilaxy exchange suspends website after ERC-20 hot wallet hack
Bilaxy, a lesser-known cryptocurrency exchange, has confirmed a major hacking incident, reporting the losses of funds due to an exploit of the platform’s ERC-20 hot wallet. Bilaxy announced on its Telegram channel that the crypto exchange suffered a “serious hack” on Saturday between 6 pm and 7 pm UTC, resulting in the transfer of 295 different ERC-20 tokens. According to the exchange, the affected tokens were transferred by the hacker to a single address. At the time of writing, the tokens are valued at $170,600, with the most recent transaction sending out 50 Ether (ETH), or about $159,000, on Monday. …
Bitcoin / Aug. 30, 2021
Hotbit crypto exchange shuts down for maintenance after attempted hack
Cryptocurrency exchange platform Hotbit has shut down all of its services after an attempted cyberattack on Thursday. “Hotbit just suffered a serious cyber-attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralyzation of a number of some basic services,” a notice on the platform’s website reads. The hackers were reportedly unsuccessful in gaining access to Hotbit’s wallets but did manage to compromise the platform’s user database. Thus, the Hotbit team has advised customers to disregard any communication from entities claiming to be representatives of the exchange. With all normal operations currently paused during the ongoing maintenance, …
Business / April 30, 2021
Binance CEO Suggests Crypto Exchanges Are Safer Than Keeping One’s Keys
Changpeng Zhao, the co-founder and CEO of cryptocurrency exchange Binance, suggested that for most, keeping crypto assets on an exchange is safer than keeping the keys themselves. Zhao gave his comments in a tweet on Jan. 19 after famous crypto skeptic and gold bug Peter Schiff complained that he lost access to his Bitcoin (BTC). Invoking the phrase “SAFU” — a slanger term in the crypto community for “safe,” Zhao said: “Many hardcore crypto [organizations] advocate storing your own keys. But the truth is, today most people are not able to secure a key even from themselves (losing it). A …
Bitcoin / Jan. 20, 2020
California Man Sues AT&T Over Loss of $1.8M and Crypto Accounts
California resident Seth Shapiro has filed a lawsuit against wireless service giant AT&T alleging that its employees helped to perpetrate a SIM-swap which resulted in the theft of over $1.8 million in total, including cryptocurrencies. The complaint filed on Oct. 17 claims that Shapiro is “a two-time Emmy Award-winning media and technology expert, author, and adjunct professor at the University of Southern California School of Cinematic Arts.” The lawsuit alleges that between May 16 and May 18 AT&T employees transferred access to Shapiro’s mobile phone to outside hackers: “AT&T employees obtained unauthorized access to Mr. Shapiro’s AT&T wireless account, viewed …
Cryptocurrencies / Oct. 20, 2019
Binance Falls From Top 10 in CryptoCompare’s New Crypto Exchange Rankings
London-based crypto data provider CryptoCompare has updated its crypto Exchange Benchmark, removing Binance cryptocurrency exchange from the list of the top 10 exchanges. Binance, the second biggest crypto exchange by daily trade volume to date, is not included in the CryptoCompare’s list as the rankings do not rely on aggregate volume data in its analysis, the firm said in a press release to Cointelegraph on Nov. 19. In order, the top 10 crypto exchanges in CryptoCompare’s second Exchange Benchmark are: Gemini, Paxos’ itBit, Coinbase, Kraken, Bitstamp, Liquid, OKEx, Poloniex, bitFlyer and Bitfinex. Binance was ranked seventh in the first Exchange …
Blockchain / Nov. 20, 2019