Hackers hijacked Coincheck’s domain registrar account and targeted some users

Pierluigi Paganini June 04, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks.

The Japanese cryptocurrency exchange Coincheck announced that threat actors accessed its account at the Oname.com domain registrar and hijacked one of its domain names. The attackers then used the hijacked domain to launch spear-phishing attacks against some of its customers.

“Approximately 12:00 on June 1, 2020, as a result of detecting an abnormality in the monitoring work and starting an investigation, from around 0:05 on May 31, 2020, in our account in “Ome.com”, It was confirmed that the domain registration information was changed by a third party. As a result of this event, it was revealed that some emails received from customers during the period from May 31 to June 1, 2020 could be illegally obtained by a third party.” reads a press release published by the company.

“The domain registration information has been amended at around 20:52 on June 1, 2020, and there is no impact on the customer’s assets at this time.”

The company only halted remittance operations while other operations, including deposits and withdrawals, have not been suspended.

The attack took place between May 31 and June 1, when hackers gained access to Coincheck’s account at Oname.com and attempted to contact the customers of the platform. Coincheck detected the security breach after observing traffic abnormalities. It also confirmed that approximately 200 customers have been impacted in the security incident.

Oname.com also confirmed the incident in a separate advisory about issues in the Name.com Navi customer domain and server management tool.

“There was a case where the management screen of the customer who used Ome.com was accessed illegally and the registered information was rewritten. After investigating this, a malicious third party was able to use your ID and the bug (*) that could alter the communication on your name.com Navi. It turned out that the information (email address) was rewritten.” reads the advisory published by Oname.com. “The bug of “Omename.com Navi” will be fixed on June 2nd.”

According to the Japanese security expert Masafumi Negishi, threat actors modified the primary DNS entry for the coincheck.com domain.

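Regarding the Coincheck incident: multiple fake domains closely resembling the Amazon Route 53 domains originally registered in the NS records were registered the day before, on 5/29. It then appears that the NS records were rewritten at お名前.com on 5/30.
(Example) genuine awsdns-61[.]org → fake awsdns-061[.]org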

— Masafumi Negishi (@MasafumiNegishi) June 3, 2020

Coincheck uses Amazon’s managed DNS service. The attackers first registered a fake domain resembling the AWS name server domain, then replaced the legitimate awsdns-61.org with awsdns-061.org. The two domain names differ only by an extra 0 prefixed to 61.
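
A defender-side check for the name server swap described above, as an added example that is not part of the original article: it compares a domain's observed NS set with the expected one and flags near-miss provider zones such as awsdns-061.org. The host labels (ns-1985, ns-420), awsdns-52.com and all function names are constructed assumptions; in practice the observed list would come from querying the TLD's name servers.

```python
# Added example (not from the article): audit a domain's NS delegation.
# Assumption: the owner keeps a list of expected name servers. Host labels
# and awsdns-52.com are constructed; awsdns-61.org is named in the article.
EXPECTED_NS = {"ns-1985.awsdns-61.org", "ns-420.awsdns-52.com"}


def provider_zone(host):
    """Drop the host label: ns-1985.awsdns-61.org -> awsdns-61.org."""
    norm = host.rstrip(".").lower()
    return norm.partition(".")[2] or norm


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) zones."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_delegation(observed_ns, expected_ns=EXPECTED_NS, max_dist=2):
    """Return (host, verdict, nearest_expected_zone) for each observed NS."""
    expected = {h.rstrip(".").lower() for h in expected_ns}
    zones = sorted({provider_zone(h) for h in expected})
    findings = []
    for host in observed_ns:
        norm = host.rstrip(".").lower()
        if norm in expected:
            findings.append((norm, "ok", None))
            continue
        zone = provider_zone(norm)
        nearest = min(zones, key=lambda z: edit_distance(zone, z))
        dist = edit_distance(zone, nearest)
        # dist == 0 means a known zone but an unlisted host: still a change.
        verdict = "lookalike" if 0 < dist <= max_dist else "unexpected"
        findings.append((norm, verdict, nearest if verdict == "lookalike" else None))
    return findings


if __name__ == "__main__":
    # Constructed observation: one NS swapped for the lookalike zone.
    observed = ["ns-1985.awsdns-061.org.", "ns-420.awsdns-52.com", "ns1.example.net"]
    for finding in audit_delegation(observed):
        print(finding)
```

Any verdict other than "ok" is a delegation change worth alerting on; the "lookalike" verdict separates a near-miss zone like the one in this incident from an ordinary provider migration.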

The information that may have been leaked in the security breach is the email address in the recipient field and the information written in customers’ emails.

Attackers sent spear-phishing messages to some users, posing as the coincheck.com domain and redirecting the customers’ replies to servers under their control.

The spear-phishing messages likely instructed users to verify their account information. The attackers were then planning to use this data to take over the customers’ accounts and siphon their funds.

At the time of publishing this post, the company is not aware of abuses of information obtained with the spear-phishing attacks or of the theft of customers’ funds.

In January 2018 Coincheck was hacked and attackers stole $400 million.

A few days after the hack, the company announced it would refund about $400 million to customers. Coincheck will use its own funds to reimburse about 46.3 billion yen to its 260,000 customers who were impacted by the cyberheist.


Pierluigi Paganini

(SecurityAffairs – coincheck, cybersecurity)
