Major Japanese cryptocurrency exchange Coincheck has suffered a data breach involving unauthorized access to the platform’s domain registration service.
Coincheck is one of the world’s oldest crypto exchanges. They suffered a $500 million hack in 2018, which is considered to be the biggest crypto theft in history. The exchange has now encountered another apparent attack that could lead to customers’ personal data and emails being leaked, Cointelegraph Japan reports June 2.
Deposits and withdrawals operate while remittances are halted
Announcing the incident on Tuesday, Coincheck said that the breach had “no impact on the customer's assets” this time. However, Coincheck still had to halt its crypto remittance service in order to investigate the problem, the firm said.
Coincheck elaborated:
“Although there is no impact on your assets at this time, we will stop crypto remittance service again, considering the progress of the investigation by the domain registration service operator. Services such as depositing/withdrawing Japanese Yen and receiving/purchasing/selling crypto assets can be used as usual.”
Potentially leaked data include birth date, phone numbers and selfie ID
According to the announcement, the breach took place on May 31 and June 1. It purportedly affected roughly 200 customers, all of whom had sent in email inquiries during that period. The severity of the breach is apparently significant. Attackers may have stolen Coincheck clients’ email addresses, as well as information like full name, date of birth, phone number, registration address, and selfie ID.
Data breaches at crypto-related businesses are becoming increasingly frequent. On May 24, Cointelegraph reported on a major data breach involving databases for crypto hardwallets like Ledger, Trezor, and KeepKey. As a result of the breach, attackers were allegedly selling databases of 80,000 users, with data including name, address, phone number, and email.
In mid-May 2020, crypto lending provider BlockFi suffered a similar data breach. Despite the attack not including non-public identification information like bank accounts or passwords, the incident still poses significant risks like SIM swapping attacks.