Coinmama, a Bitcoin and Ethereum broker based in Israel, has become the target of a major security breach that has resulted in the theft of thousands of user records. According to a notice posted by the broker, 450,000 Coinmama users were affected by the attack, and their email addresses and encrypted passwords were stolen.
This attack was part of a larger theft in which 747 million records were stolen and sold on a darknet market. Several other companies were also affected by the breach, including various gaming sites and social networks. Coinmama seems to have been the only crypto exchange that was affected by the breach–which is good news of sorts.
No User Funds Stolen
More good news: those who obtained the records have apparently not managed to steal any funds from Coinmama. Even with the data, accessing user accounts would take some effort, as the stolen passwords were protected via hashing. Coinmama has not revealed whether the attackers have actually cracked the passwords and attempted to access the accounts.
In any case, it is easy for the broker itself to solve the problem of the stolen data: Coinmama has simply started to force users to change their passwords upon their next sign-in attempt. In addition to notifying customers of the security breach, the broker is apparently watching for suspicious activity both on and off the platform.
Other Attacks Elsewhere
Despite Coinmama’s assurances, stolen data is a persistent problem: another batch of stolen data called Collection #1 was discovered in mid-January. Around that time, rumors also began circulating that Binance and Bitfinex had leaked critical user data, although those rumors have since been disproven—much to the dismay of the cybercriminal who was trying to sell that data.
Coinmama notes that this breach was the second attack on the crypto industry this year: An attack on Cryptopia, which cost at least $16 million dollars, occurred in January. (The broker does not mention a smaller attack on LocalBitcoins, which occurred last month.) Undoubtedly, future attacks are on the way as well, although it is anyone’s guess what the next target will be.