Coincheck has fallen victim to a data breach after attackers accessed one of its domain name accounts and used it to impersonate the cryptocurrency exchange.
The Japanese firm – which fell victim to possibly the in history in 2018 – said Tuesday that an unknown third party gained access to an account it held with domain registration service Onamae.com. An suggested the attackers then used its .jp domain account to send “fraudulent” emails to customers.
“A third party who made unauthorized access (hereinafter, a third party) fraudulently sent some emails from our customers during the period from May 31 to June 1, 2020,” reads the report. “It turned out that [the domain name] was in a state where it could be acquired.”
Around 200 customers who sent replies to emails from the attackers are said to have data exposed. Coincheck said personal identifying information such as names, addresses and ID photos may have been illegally obtained. It’s possible that hackers were phishing for “know your customer” verification details so they could access client accounts, but the motive remains unclear.