Main navigation

CoinLoan’s Fraud Detection Team Helped in Mitigating Critical Attack on Crypto Wallets

Tue, 05/10/2022 - 07:00
article image
Vladislav Sopov
Security officers of CoinLoan, a top-tier cryptocurrency lending service, prevented eight-digit attack on crypto wallets from happening
CoinLoan’s Fraud Detection Team Helped in Mitigating Critical Attack on Crypto Wallets
Cover image via
Read U.TODAY on
Google News

In early April 2022, owners of Trezor’s hardware wallets received a number of suspicious emails with the recommendations to download software updates. Through these letters, unknown malefactors attempted to organize one of the largest phishing campaigns in Web3 segment history.

Hardware wallets under attack; CoinLoan comes to the rescue

On April 3, 2022, cryptocurrency holders who used popular hardware wallets by Trezor started receiving unusual email notifications. These messages bypassed spam filtering mechanisms and looked like legit updates from the top-tier hardware wallets team.

Users were asked to upgrade their software, but the links to the letters redirected to malicious websites: the word “Trezor” in the website names included an altered letter “e” with an added homoglyph. The fraudulent websites contained software that was able to steal users’ funds through compromising seed phrases.

The Fraud Detection Team, a cybersecurity arm of CoinLoan, immediately detected the IP addresses behind the malicious web domains and disclosed their hosting providers. Once reached, the hosting providers took the impersonating domains down.

Despite hackers trying to utilize the next portion of IPs, CoinLoan representatives flagged them as well. Then, the team deployed the binaries to VirusTotal and informed the global cybersecurity community of the danger.

A prompt reaction allowed crypto enthusiasts to reveal the vector of the failed attack: it was organized through MailChimp, a mainstream email marketing platform. An unknown “insider” accessed its internal mechanisms and organized the phishing campaign.

Lessons for crypto users’ privacy and security

Although it is obvious that Trezor had nothing to do with the attack, according to CoinLoan experts, this phishing attack should be a “wakeup call” for the industry. Even veteran and mainstream services are failing to protect the sensitive data, security and privacy of their customers.

Such failures, in turn, reduce the level of trust in crypto as a whole: the general public falls for the narrative that digital assets are associated with scams and frauds.

Bank-grade security practices like those used by CoinLoan cannot be considered optional anymore at this stage of Web3 space evolution. Also, the scam clearly demonstrates that some noncustodial services are vulnerable to the attacks that their custodial competitors are protected from.

While noncustodial services need to integrate marketing mechanisms by third-party vendors, CoinLoan implements the strictest data protection policies that include multiple checks. It allows CoinLoan to guarantee that its potential attackers will not be able to gain access to users’ funds and move them in an unauthorized manner.

Making digital assets lending mainstream: What is CoinLoan?

CoinLoan is an ecosystem of digital asset lending products that includes lending, borrowing, earning and swap modules. It allows crypto holders to benefit from their idle riches.

Image by CoinLoan

By Q2, 2022, CoinLoan integrated dozens of assets, including both veteran cryptos, large-cap and mid-cap altcoins and DeFi tokens.

Users can deposit their crypto tokens, including USDT, USDC and TUSD stablecoins, to earn periodic rewards with up to 12.3% in APYs. Crypto holders can increase available APYs by staking CoinLoan’s native token, CLT.

Also, crypto holders can collateralize their cryptos to obtain a loan: this eliminates the need to sell digital assets.

CoinLoan’s corporate module allows industrial crypto-friendly services to take part in lending/borrowing operations with Bitcoin (BTC) and major altcoins.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)