Coindesk Logo

Coincheck Customers Fall Victim to Data Breach After Domain Account Error

Coincheck Customers Fall Victim to Data Breach After Domain Account Error

Coincheck Customers Fall Victim to Data Breach After Domain Account Error

Coincheck's .com domain had been "in a state where it could be acquired." No funds have been lost, the firm said.

Coincheck's .com domain had been "in a state where it could be acquired." No funds have been lost, the firm said.

Coincheck's .com domain had been "in a state where it could be acquired." No funds have been lost, the firm said.

AccessTimeIconJun 3, 2020, 1:09 PM
Updated Aug 19, 2021, 2:21 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Coincheck has fallen victim to a data breach after attackers accessed one of its domain name accounts and used it to impersonate the cryptocurrency exchange.

The Japanese firm – which fell victim to possibly the largest crypto hack in history in 2018 – said Tuesday that an unknown third party gained access to an account it held with domain registration service Onamae.com. An incident notice suggested the attackers then used its .jp domain account to send "fraudulent" emails to customers.

"A third party who made unauthorized access (hereinafter, a third party) fraudulently sent some emails from our customers during the period from May 31 to June 1, 2020," reads the report. "It turned out that [the domain name] was in a state where it could be acquired."

Around 200 customers who sent replies to emails from the attackers are said to have data exposed. Coincheck said personal identifying information such as names, addresses and ID photos may have been illegally obtained. It's possible that hackers were phishing for "know your customer" verification details so they could access client accounts, but the motive remains unclear.

How the third parties were allowed to gain access to Coincheck's domain account is currently being investigated by the registration firm, Coincheck said.

Although the exchange said funds had not been lost in the attack, it has suspended crypto remittances until Onamae's investigation is complete. All other services, including fiat deposits and withdrawals as well as cryptocurrency trading, remain operational at this time.

For customers seeking support, the firm is requesting that emails are sent to an address at coincheck.jp, not coincheck.com for the time being.

CoinDesk approached Coincheck for more precise details on the breach, but hadn't received a response by press time.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.