Recent Firefox zero-day attack targeted Coinbase employees

21 Jun, 2019
by David Borman
Recent Firefox zero-day attack targeted Coinbase employees

It is being reported by ZDNet that the recent announcement made by Mozilla to update Firefox due to a vulnerability came from a specific attack that was unleashed against both Coinbase as well as other exchanges. Fortunately the attack was deterred and all funds are still safe.

Coinbase originally detected the attack on Monday and subsequently announced the following to Mozilla:

"On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day Firefox sandbox escape, to target Coinbase employees."

This is what prompted Mozilla to issue a patch for the code and immediately warn all users to update. What makes the story stranger though, is the fact that the exploit was originally on April 15th by Groß, a security researcher with Google Project Zero security team.

The article compiles a list of scenarios in which the attackers could have found out about the exploit, despite Mozilla not having disclosed the information yet:

"- the attackers discovered the same RCE bug on their own
- they obtained the info from an insider with access to Mozilla's security bugs portal
- they compromised a Mozilla employee's account and accessed the Bugzilla portal's security section
- or, they hacked the Bugzilla portal, similar to an incident from 2015"

While it is unclear how it happened, what is important is that the software has been patched and Coinbase was able to intercept the attack before any issues arose. Philip Martin, a member of the Coinbase security team, is quoted:

"We walked back the entire attack, recovered and reported the 0-day to Firefox, pulled apart the malware and [infrastructure] used in the attack, and are working with various orgs to continue burning down [the] attacker's infrastructure and digging into the attacker involved."

For now, all is well, but this could have led to a major hack of one of the largest and most popular crypto exchanges out there. Will we see further attacks? Stick with Chepicap for all updates!

Help Chepicap to get listed in the Delta Portfolio App by voting HERE!

Follow Chepicap now on Twitter, YouTubeTelegram and Facebook!

Bitcoin to $20K FAST, but only if THIS happens! $10K CROSSROAD Subscribe to the Chepicap YouTube Channel for more videos!

Read more about: Coinbase Hack


Should users be concerned?

(5 votes)

Add a comment

Check out the latest news

You will be logged out and redirected to the homepage