Posted on June 3, 2020 at 3:15 PM

Hackers Want to Use Stolen Data from Coinsquare Exchange for SIM Swap

Hackers, who stole data from Coinsquare, a Canadian Cryptocurrency exchange, said they intend using the stolen information to carry out SIM swapping attacks. One of the hackers revealed this yesterday.

The incident is a clear indication of hackers’ continuous interest in leveraging security problems with telecom-based methods of security authentication.

In a typical SIM swap attack, the cybercriminal controls the phone number of the affected hacker. With the seizure of the phone number, the hacker will now have access to request passwords for the victim’s two-factor authentication code or resets for some websites.

Former Coinsquare employee responsible for data theft

In most cases, the SIM swapper may utilize this technique to steal cryptocurrency. However, with this breach, Coinsquare is accusing one of its former employees as a conspirator to the theft. The exchange revealed the data was stolen by one of its former employees, as the firm’s investigation shows.

“The original intent was to sell the data but we figured we would make more money by SIM swapping the accounts,” the unnamed hacker revealed to Motherboard during an online chat.

Hacker wanted to fault Coinsquare’s claims

Users can buy or sell Ethereum, Bitcoin, and other cryptocurrencies on the Coinsquare platform. The exchange says it’s the most secure trading platform.

In response to the claim of being the most secure platform, the hacker said the initial intention was to dispute the claim the company made. According to the hacker, the successful hacking of their system obviously proves that the claim is a complete lie.

The hacker provided a copy of the stolen data to Motherboard, who then analyzed it to verify the data were actually from Coinsquare.

The data includes more than 5,000 rows of users’ phone numbers and email addresses. Some of the data also contains the residential addresses of the users.

There is another column named “total $ funded first 6 months,” which is representing the total dollar amount the user has kept in their Coinsquare account within the 6 months. It also shows whether the company takes the user as a high-valued client or not. However, it doesn’t seem the data includes passwords.

Data is linked with Coinsquare’s account server

Motherboard confirmed the data by trying to make accounts on Coinsquare’s portal, randomly selecting email addresses in the data. However, the security team did not succeed because the addresses were linked to accounts with Coinsquare. This suggested that there is a relationship between the leaked data and records kept by Coinsquare. Other addresses were also tested, and many of them did not turn up on Google searches, which suggests it could be private information.

Several people who are listed on the database were also contacted by the Motherboard to verify the data. Three of the respondents said they are Coinsquare users and two of them confirmed their phone numbers.

Coinsquare has commented on the incident. But the exchange insisted that the hack was not done by a complete outsider. Instead, it was carried out by someone who has worked in the company before.

General counsel to Coinsquare, Stacey Hoisak, confirmed Coinsquare’s statement saying the breach and data theft occurred due to employee theft. He said the theft was possible because the employee was privy to certain information that exposed the company.

Coinsquare has made changes since the breach

Hoisak said the incident was made known to Coinsquare about a year ago. As soon as it was aware, the company notified data security firms and law protection authorities about the breach for further investigations. The company also informed users who have been affected by the breach.

Hoisak said the company was not initially aware of the total impact of the breach. But he said the screenshots of the stolen data from Motherboard were additional usernames, which means the stolen data could be more than what Motherboard was given by the hackers.

Coinsquare said it has upgraded its internal controls, re-written data management policy, and replaced internal sales management since it became aware of the breach last year. The firm said it doesn’t have any knowledge of additional employee theft or any other breach since that time.

Past employees have always been a scourge to the security of company data, especially when the relationship between the employee and its employer didn’t end well. Sometimes, data theft can even occur with current employees or contractors. Last month, an employee at popular video game company Roblox was offered a bribe to access user data.

There have been other similar data breaches involving current or former employees. That indicates companies are facing both internal and external risks every day, which shows the need to be extremely cautious in the cyber world.