CoinGecko Users Receive 23000 Phishing Emails Following Email Provider Breach

CoinGecko Users Targeted by 23,000 Phishing Emails Following Email Provider Breach


By Harvey Hunter
Updated:
June 7, 2024 11:59 EDT
|
Reading Time: 2 mins


The popular cryptocurrency data aggregator, CoinGecko, has confirmed that a breach occurred on its third-party email platform, GetResponse, resulting in over 23,000 users being exposed to phishing emails.
This incident occurred in the wake of recent reports about a surge in crypto airdrop scams, with suspicions that CoinGecko may have been affected.
On June 7th, CoinGecko issued an official statement confirming the data breach that took place on June 5th at GetResponse. The breach allowed attackers to access the contact details of more than 1.9 million users.
CoinGecko has identified a compromised employee email as the root cause of the breach. They stated:
“An attacker gained access to an employee’s account at GetResponse, leading to the breach. The GetResponse team confirmed the breach on June 6, 2024, at 11:58 AM UTC.”
The compromised information includes users’ names, email addresses, IP addresses, and locations of email opens. Additionally, metadata such as sign-up dates and subscription plans were also exposed. However, CoinGecko assures that user accounts and passwords remain secure and unaffected.
Over 23,000 CoinGecko Users Affected by Data Breach
Despite the primary email domain of CoinGecko remaining secure, the attacker managed to send out 23,723 phishing emails. CoinGecko confirmed:
Phishing is a fraudulent scheme where attackers trick individuals into disclosing sensitive information, such as private keys for crypto wallets.
In light of this incident, CoinGecko has provided guidelines on how users can safeguard themselves against potential scams. They advise users to be cautious of unfamiliar or suspicious domains, refrain from clicking on links or downloading attachments from unknown sources, and exercise caution when approached with token airdrop offers.
Evolution of Tactics by Crypto Scammers
The leakage of private keys and personal data has become a major catalyst for cryptocurrency-related breaches. Exploitative individuals now target these vulnerabilities, opting for easier targets rather than attempting to breach more sophisticated protocols.
According to Merkle Science’s 2024 HackHub report, over 55% of the digital assets lost in 2023 were due to leaks of private keys.


This trend is emerging alongside the increasing use of scam tactics that leverage AI technology, ushering in a new era of cyber threats. These tactics include deepfake scams, state-sponsored attacks, and other advanced illicit activities.
Deepfake videos often exploit the images of influential personalities to promote fraudulent investment schemes. They falsely suggest that the project has official backing, making it appear legitimate to potential victims.
Recently, more than 35 YouTube channels live-streamed the Space X launch using an AI-generated voice impersonating Elon Musk. The scam urged viewers to send Bitcoin or Ethereum to an address with the promise of doubling their investment. The scammers claimed, “This is not a hoax, it’s a genuine giveaway. I personally guarantee it.”
There have also been cases of deepfake technology impersonating high-ranking executives during online meetings. This manipulation of authority could potentially authorize significant transactions, impacting both corporate and crypto industries.