Coincheck customers fall victim to a data breach

In 2018, Coincheck, the Japanese firm, fell victim to probably the largest cryptocurrency hack in history – stated that a third party accessed an account that was held with domain registration service, Onamae.com. It was noticed that the attackers then used its .jp domain account to send fake emails to clients.

Japan’s Coincheck exchange has fallen victim to a data breach after attackers accessed one of its domain name accounts and used it to impersonate the firm.

Via @paddybaker_ https://t.co/F523FiiuMQ

— CoinDesk (@CoinDesk) June 3, 2020

The report states: “A third party who made unauthorized access fraudulently sent some emails from our customers during the period from May 31 to June 1, 2020.” Furthermore, it was revealed that [the domain name] was in a position where it could be easily acquired. 

About 200 customers’ data was exposed, who had sent replies to emails from the attackers. Coincheck stated that personal identification information such as names, addresses, and ID photographs have been illegally attained. It is likely that hackers were phishing for “know your customer” verification information so they could access customer accounts, but the main purpose is unclear.

It is currently being investigated that how the third parties gained access to Coincheck’s domain account. Although the exchange has claimed that a loss of funds was not detected in the attack, it has suspended crypto remittances until Onamae’s investigation is completed. All other services will remain operational during the time, including fiat deposits and withdrawals, as well as cryptocurrency trading.

For customer support and inquiry, the firm is requesting that emails are sent to coincheck.jp and not coincheck.com for the time being.