Hackers stole nearly 50,000 emails from Canada-based cryptocurrency exchange, Coinsquare. Now they hope to use the data to carry out SIM exchange attacks.
One of the suspected hackers involved in the attack spoke to VICE Motherboard on June 2, explaining that the collective was originally looking to sell the information, but insisted that they could "earn more money by swapping SIM from the accounts. "
The mode of operation of SIM switching
SIM switching consists of a hacker who hijacks the target's mobile phone number, which allows them to request password resets for any website where the victim's phone is is used for two-factor authentication.
Said maneuver is often used to steal cryptocurrencies, and could represent a risk to millions of Bitcoin (BTC), Ethereum (ETH), and other cryptocurrencies stored on deposit exchanges.
VICE Motherboard states that the information received includes phone numbers and physical addresses. It also includes data on how much each user deposited into their account in the first six months, and the rating of & # 39; high value client & # 39; of & # 39; e user within the Coinsquare platform.
The hack happened due to theft of an employee of information
Stacey Hoisak, General Counsel for Coinsquare, gave more details about the VICE Motherboard attack, saying it took place in 2019. He went on:
"The data was obtained as a result of employee theft information contained in a customer relationship database that was not used for prospecting."
Hoisak said the company replaced internal sales management services, rewritten the data management policy and upgraded its internal control in an effort to prevent additional employee theft.
In 2019, the cryptocurrency exchange cooperated with the start-up of & # 39; cryptocurrency payments in & # 39; e FS, Flexa, to bring payments in digital store to Canada.