A major breach – Cryptocurrency platforms are frequently targeted by hackers. This week, the trading platform Gemini discovered a major leak of user data. It is an opportunity to recall the essentials of digital security, whether or not you hold cryptocurrencies.
Data leak at Gemini
Gemini is a cryptocurrency exchange platform used by nearly 13 million users.
On December 14, it announced very bad news: a large amount of user information had leaked.
According to the report published by our colleagues at Cointelegraph, a hacker managed to extract a database containing more than 5.7 million rows. The data contains emails and partial phone numbers.
“Additionally, some emails were repeated in the document; thus, the number of affected customers is probably less than the total number of information ranks.”
Nevertheless, this case seems to affect almost half of the platform's users. For its part, Gemini attributes the leak to an incident at a third-party vendor. According to the company, Gemini's own computer systems were therefore not the source of this breach.
Fortunately, this data leak did not reveal more sensitive data such as users' first and last names or addresses.
Watch out for phishing attacks
This whole affair was discovered after many Gemini users claimed to be the target of phishing attacks.
“Some Gemini customers have recently been the target of phishing campaigns which we believe are the result of an incident at a third party vendor. This incident led to the collection of partial email addresses and phone numbers of Gemini customers. No Gemini account information or systems were impacted by this third-party incident, and all customer funds and accounts remain secure.”
Once the data was in his possession, the hacker sent a series of emails impersonating Gemini or other companies in the crypto sector.
The aim is to push users to log in to a fraudulent platform so that their cryptocurrencies can then be stolen.
This modus operandi is now well known in the crypto ecosystem. Indeed, many phishing attacks have affected all types of projects. The NFT ecosystem has been particularly impacted by this type of attack.
A few safety reminders
As always, an event like this is a good occasion for a few security reminders. First of all, if you are a Gemini user and your address has leaked, we advise you to change the email address used on your Gemini account.
Also, it is strongly recommended to use two-factor authentication (2FA) on trading platforms.
Phishing emails copy the layout and visual identity of authentic emails. Nevertheless, several points make them fairly easy to detect:
- The offer is too good to be true. For example, you are told you have won thousands or even millions of dollars without any context. The lure can also take the form of “exclusive NFTs”;
- Always verify the address of the sender of the email. This often exposes the scam attempt, because the address has no connection with the company being impersonated;
- Always check the address of the sites you connect to. It is easy to replace a letter in a URL to make users believe they are on the official site;
- On the wallet side, do not log in or sign transactions on unknown sites. This keeps you from unintentionally granting the hacker the right to access your funds.
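The sender and URL checks from the list above can be automated on the mail gateway or in a triage script. The following is an added example, not code from Gemini or from the original article; the allowlist entry and all sample addresses and URLs are constructed assumptions.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the reader maintains this allowlist of official domains.
TRUSTED = {"gemini.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Non-ASCII or punycode labels can hide homoglyphs; flag them conservatively.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike"
    for t in trusted:
        # Official name used as a left-hand prefix of some other domain.
        if host.startswith(t + ".") or f".{t}." in host:
            return "lookalike"
        # One or two characters swapped, added or dropped in the domain itself.
        tail = ".".join(host.split(".")[-t.count(".") - 1:])
        if 0 < edit_distance(tail, t) <= 2:
            return "lookalike"
    return "unrelated"

def check_sender(from_header: str) -> str:
    """Classify the domain of a From: header value."""
    return classify_host(parseaddr(from_header)[1].rpartition("@")[2])

def check_link(url: str) -> str:
    """Classify the hostname a link really points to (userinfo is ignored)."""
    return classify_host(urlsplit(url).hostname or "")

if __name__ == "__main__":
    # Constructed samples, not taken from the real campaign.
    for hdr in ("Gemini <support@gemini.com>", "Gemini <support@gemlni.com>"):
        print(hdr, "->", check_sender(hdr))
    for url in ("https://exchange.gemini.com/signin",
                "https://gemini.com.account-verify.example/login"):
        print(url, "->", check_link(url))
```

A result of "unrelated" on a message that claims to come from the company is itself the warning sign described in the second list item.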
Be careful, phishing attacks are extremely common. They have wreaked havoc in the crypto ecosystem in the last few months.
Last July, $8 million was stolen from users in a phishing attack targeting the Uniswap DEX. The attacker had made an identical copy of the Uniswap site so that victims would connect their wallets to it; the wallets were drained as soon as they were connected.
In crypto, do not skimp on caution. To keep your crypto assets safe, the best solution is still a personal hardware wallet.