According to a report published by Motherboard, hackers who stole user data from Coinsquare, a Canadian cryptocurrency exchange, now want to use it for conducting SIM-swapping attacks.
Coinsquare claims that its ex-employee was responsible for the data theft that came to light last year, but it now appears that the bad actors have some usernames that they weren’t aware of:
Since we were made aware of this issue last year, Coinsquare has replaced internal sales management systems, re-written data management policy and upgraded its internal controls, and we are not aware of any breach or additional employee thefts since that time.
According to the report, whoever was responsible for the breach initially intended to sell stolen information on the dark web, but the idea of SIM-swapping appears to be more lucrative.
By convincing phone carriers to hijack SIM cards linked to Coinsquare’s users, criminals can get around two-factor authentication (2FA) and get access to their exchange funds.
As reported by U.Today, an entrepreneur from California lost $1.8 mln due to a SIM-swapping attack.
The authenticity of the data was confirmed by Motherboard. All provided addresses have been already occupied and couldn’t be found on the web.
A tough start of 2019
Notably, Coinsquare was ‘eerily silent’ about the data leak ack back in 2019, as noted by one of its customers.
One of the legitly-looking leaks was posted on Reddit last year, and some users were able to find their email addresses.
Last year, the company had 40 of its employees laid off due to unfavorable market conditions.
This came right after the users of QuadrigaCX, the largest Canadian exchange, lost access to their funds after the death of its CEO who was the only person with access to all cold wallets.