• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

 | 

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Digital ID
  • Hacking
  • Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Pierluigi Paganini June 04, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks.

The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. Then the attackers used the hijacked domain to launch spear-phishing attacks against some of its customers.

“Approximately 12:00 on June 1, 2020, as a result of detecting an abnormality in the monitoring work and starting an investigation, from around 0:05 on May 31, 2020, in our account in “Ome.com”, It was confirmed that the domain registration information was changed by a third party. As a result of this event, it was revealed that some emails received from customers during the period from May 31 to June 1, 2020 could be illegally obtained by a third party.” reads a press release published by the company.

“The domain registration information has been amended at around 20:52 on June 1, 2020, and there is no impact on the customer’s assets at this time.”

The company only halted remittance operations while other operations, including deposits and withdrawals, have not been suspended.

The attack took place between May 31 and June 1, when hackers gained access to Coincheck’s account at Oname.com and attempted to contact the customers of the platform. Coincheck detected the security breach after observing traffic abnormalities, it also confirmed that approximately 200 customers have been impacted in the security incident.

Oname.com also confirmed the incident in a separate advisory about issues in Name.com Navi customer’s domain and server management tool.

“There was a case where the management screen of the customer who used Ome.com was accessed illegally and the registered information was rewritten. After investigating this, a malicious third party was able to use your ID and the bug (*) that could alter the communication on your name.com Navi. It turned out that the information (email address) was rewritten.” reads the advisory published by Oname.com. “The bug of “Omename.com Navi” will be fixed on June 2nd.”

According to the Japanese security expert Masafumi Negishi, threat actors modified the primary DNS entry for the coincheck.com domain.

コインチェックの件、元々 NS レコードに登録されていた Amazon Route 53 のドメインにそっくりな偽ドメインが前日の 5/29 に複数登録されてますね。その後 5/30 にお名前.com で NS レコードを書き換えた模様。
(例) 本物 awsdns-61[.]org → 偽物 awsdns-061[.]org

— Masafumi Negishi (@MasafumiNegishi) June 3, 2020

Coincheck uses Amazon’s managed DNS service, the attackers first registered a fake domain to the AWS server and replaced the legitimate awsdns-61.org with awsdns-061.org. The two domain names differ for an extra 0 prefixed to 61.

Information that may have been leaked in the security breach is the email address written in the recipient and information written in the customer’s email.

Attackers sent spear-phishing messages to some users posing as the coincheck.com domain and redirecting the replies of the customers to the servers under their control.

The spear-phishing messages likely instructed users to verify their account information, then the attackers were planning to use this data to take over the customers’ accounts and siphon their funds.

At the time of publishing this post, the company is not aware of abuses of information obtained with spare-phishing attacks either of the theft of customers’ funds.

In January 2018 Coincheck was hacked and attackers stole $400 million.

A few days after the hack, the company announced it will refund about $400 million to customers after the hack. Coincheck will use its own funds to reimburse about 46.3 billion yen to its 260,000 customers who were impacted by the cyberheist.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – coincheck, cybersecurity)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Coincheck cryptocurrency hacking news Information Security information security news Pierluigi Paganini Security Affairs Security News spear-phishing

you might also like

Pierluigi Paganini July 29, 2025
Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights
Read more
Pierluigi Paganini July 29, 2025
Seychelles Commercial Bank Reported Cybersecurity Incident
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

    Hacktivism / July 29, 2025

    Seychelles Commercial Bank Reported Cybersecurity Incident

    Data Breach / July 29, 2025

    Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

    Hacking / July 29, 2025

    U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

    Security / July 28, 2025

    Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

    Security / July 28, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT