Coincheck, a Japanese cryptocurrency exchange, has revealed that hackers took control of its account at its domain registrar and hijacked one of its domain names, which they then used to contact some of its customers.
The exchange halted all remittance operations on its platform, but operations such as withdrawals and deposits were not blocked.
The company is investigating the incident. According to the incident report it published, the initial attack took place on May 31, when the hackers gained access to Coincheck’s account at Oname.com, the exchange’s domain registrar.
Oname also confirmed the incident, but Coincheck has not provided any technical details of the attack so far. Japanese security researcher Masafumi Negishi, however, said the hackers modified the primary DNS entry for Coincheck’s coincheck.com domain.
Coincheck uses Amazon’s managed DNS service (Route 53) to answer DNS queries for coincheck.com, i.e. to return the server IP address that users’ clients (browser, mobile apps, wallets) need to connect to.
According to the researcher, the attackers registered a domain that looked like one of Amazon’s name-server domains and, inside the Oname.com backend, replaced the original awsdns-61.org name-server entry with one under awsdns-061.org. Because the registrar’s entry determines which servers the .com zone delegates coincheck.com to, and the attackers controlled awsdns-061.org, this let them answer DNS queries for the Coincheck domain themselves, without touching the Route 53 zone at all.
However, the hackers did not use this access to redirect the exchange’s entire web traffic to a Coincheck clone, since such an attack would be easy to detect.
Instead, they sent spear-phishing emails to certain users impersonating the coincheck.com domain, with replies redirected to their own servers. Whoever controls a domain’s DNS can publish MX records pointing at their own mail server, so replies to @coincheck.com addresses are delivered there, and can also publish SPF and DMARC records that make the spoofed mail pass the receiving side’s authentication checks.
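The two changes described above, a look-alike name server substituted at the registrar and mail routing pointed at the attacker, are both visible as a diff between the records a domain currently resolves to and an approved baseline. The following check is an added example, not code from Coincheck, Oname.com, Amazon, or the researcher cited here. It reports any NS or MX value outside the baseline, and it classifies a name server whose domain is one edit away from an approved one (awsdns-061.org versus awsdns-61.org) as a look-alike rather than an ordinary change, because that pattern is what a registrar-level hijack looks like. All record values are constructed for the example; the ns-NNNN host labels and the mx hostnames are hypothetical.

```python
"""Baseline audit of NS and MX records for a domain (added example).

Feed it the records as served by the parent zone (for a .com domain, the
gTLD servers), not by a recursive resolver: after a registrar-level hijack
the attacker's servers answer authoritatively, so the parent's delegation
is the record that actually changed.
"""
from __future__ import annotations

from dataclasses import dataclass


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to spot awsdns-061.org next to awsdns-61.org."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _host(value: str) -> str:
    """Normalise a record value: drop an MX priority, trailing dot, case."""
    return value.split()[-1].rstrip(".").lower()


def _parent_domain(host: str) -> str:
    """Last two labels of a hostname; enough for the awsdns-NN.org case."""
    return ".".join(host.split(".")[-2:])


@dataclass(frozen=True)
class Finding:
    rtype: str
    value: str
    verdict: str  # "unexpected" or "lookalike-of:<approved domain>"


def audit_records(observed: dict[str, list[str]],
                  baseline: dict[str, list[str]],
                  max_edit: int = 1) -> list[Finding]:
    """Return every NS/MX value not in the baseline, tagging look-alikes."""
    findings: list[Finding] = []
    for rtype in ("NS", "MX"):
        approved = {_host(v) for v in baseline.get(rtype, ())}
        approved_domains = {_parent_domain(h) for h in approved}
        for value in observed.get(rtype, ()):
            host = _host(value)
            if host in approved:
                continue
            dom = _parent_domain(host)
            verdict = "unexpected"
            for good in sorted(approved_domains):
                # A different domain within max_edit edits of an approved one
                # is the registrar-substitution pattern, not a planned change.
                if dom != good and levenshtein(dom, good) <= max_edit:
                    verdict = f"lookalike-of:{good}"
                    break
            findings.append(Finding(rtype, host, verdict))
    return findings


# Constructed data. Host labels are hypothetical; only the awsdns-61.org /
# awsdns-061.org domain pair comes from the incident write-up.
BASELINE = {
    "NS": ["ns-1234.awsdns-61.org.", "ns-567.awsdns-12.com."],
    "MX": ["10 mx1.example.net."],
}
OBSERVED = {
    "NS": ["ns-1234.awsdns-061.org.", "ns-567.awsdns-12.com."],
    "MX": ["10 mx.attacker.example."],
}

if __name__ == "__main__":
    for finding in audit_records(OBSERVED, BASELINE):
        print(finding)
```

In practice the observed NS set should come from a query to the parent zone's servers (for example `dig @a.gtld-servers.net coincheck.com NS`), run on a schedule and compared against the baseline the team approved when the domain was set up; a look-alike finding on the delegation is the signal that the registrar account, not the DNS provider, is what was compromised.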
Coincheck detected the attack after noticing abnormal traffic. The hackers kept control of the company’s domain until June 1, when the company regained access to it.
The hackers contacted customers and asked them to verify account information, which could later be used to take over accounts and steal funds.
Around 200 customers appear to have engaged with the hackers, mistaking them for official Coincheck staff.
The company said it has no evidence that the hackers used any of this information to breach accounts or steal funds.