Hackers hijack one of Coincheck’s domains for spear-phishing attacks4 juin 2020
Hackers hijacked Coincheck’s domain registrar account and then changed DNS settings.
Japanese cryptocurrency exchange Coincheck says hackers took control over its account at a local domain registrar and hijacked one of its domain names, which they later used to contact some of its customers.
The exchange paused remittance operations on its platform on Tuesday while it’s investigating the incident. Other operations, such as withdrawals or deposits, have not been blocked.
According to an incident report published yesterday, the company said the initial attack took place on Sunday, May 31. The hackers gained access to Coincheck’s account at Oname.com, the company’s domain registrar provider. Oname also confirmed the incident.
While Coincheck didn’t provide any technical details about the attack, Japanese security researcher Masafumi Negishi said the hackers modified the primary DNS entry for Coincheck’s coincheck.com domain.
Coincheck uses Amazon’s managed DNS service, meaning an Amazon DNS server was handling the operation of returning the server IP address where users’ clients (browser, mobile apps, wallets) needed to connect for the coincheck.com domain.