Threat Watch

KeepChange Bitcoin Exchange Breached

KeepChange, a cryptocurrency exchange that was created last year, stated in a blog post that it identified unauthorized activity on its platform. The company said that attackers attempted to withdraw various amounts of Bitcoin from its users' accounts and transfer them to an account of their own. While KeepChange had the proper precautions in place to prevent this type of attack, the threat actors still managed to steal some customer data. The stolen data included names, email addresses, trade accounts, the amount traded, and hashed passwords.

ANALYST NOTES

While no user funds were stolen, this breach could still threaten users if the threat actor manages to crack the hashed passwords. Cracking is more likely for users who chose passwords based on names or words, or who reused passwords already leaked from other websites. It is recommended that everyone using the exchange change their password as a precaution.

Furthermore, users should enable Multi-Factor Authentication (MFA). MFA stops an attacker from simply logging in to an account with a stolen password, because they would also need the secondary code to complete authentication. When setting up MFA, a trusted authenticator application should be used instead of SMS messages sent to a phone, as attackers could take over a phone number and intercept the SMS messages containing the codes.

KeepChange took the security precautions a step further, suspending trading until Thursday, February 11 to allow time for people to change their passwords, and enabling a security feature named Login Guard, which sends a verification email to users when they try to log in. Though Login Guard may seem substantial enough, people should still look into enabling other MFA on their accounts. As always, passwords should not be reused across different accounts, so that an attacker who steals a password cannot use it to log in to other accounts associated with the breached email.

More can be read here: https://www.zdnet.com/article/keepchange-said-it-stopped-hackers-from-stealing-user-funds-but-not-personal-data/