Coinbase hacking attempt leads to discovery of Firefox bug

Getting your Trinity Audio player ready...

Hackers are taking full advantage of a “zero-day” exploit in Mozilla’s Firefox browser, in the latest scam to target cryptocurrency owners online, ZDNet first reported.

According to warning issued by the firm Wednesday, fraudsters have been exploiting a so-called “type confusion vulnerability” which arises from interactions with JavaScript objects, and can be used to target unsuspecting cryptocurrency users.

In its latest patch note, Mozilla said they were aware of the exploit being used to scam cryptocurrency users in targeted attacks: “This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.”

Security researcher Samuel Groß is widely attributed as having discovered the vulnerability, which was brought to Mozilla’s attention back in early April.

I don't have any insights into the active exploitation part. I found and then reported the bug on April 15. The first public fix then landed about a week ago (sec fixes are held back until close to the next release): https://t.co/O34f9dou3E https://t.co/K6GfZN1XkH

— Samuel Groß (@5aelo) June 19, 2019

However, the first security patch was only released in the last week, leaving over two months during which crypto users could have been scammed via a targeted crash attack.

Groß told ZDNet that hackers can use the vulnerability for “Remote Control Execution,” effectively giving them full control over a user’s system. In particular, the attacks seem to have focused on users of the Coinbase (NASDAQ: COIN) cryptocurrency exchange.

“However, most likely it can be exploited for [Universal Cross-Site Scripting (UXSS) attacks] which might be enough depending on the attacker’s goals,” the security expert said.

These types of attacks are often associated with the loss of sensitive data, such as usernames, passwords and bank account details.

While there are limited details available about the exact nature of the attacks or the number of victims affected by them, Mozilla has now taken action to prevent others from falling unwittingly into difficulties. On its website, Mozilla urged users to make sure they update their browser with the latest security patch as soon as they can.

The hack is the latest example of cybercriminals targeting the cryptocurrency sector, in this case presumably with a view to stealing Coinbase logins and, consequently, victims’ crypto balances.

1/ A little more context on the Firefox 0-day reports. On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.

— Philip Martin (@SecurityGuyPhil) June 19, 2019

While Mozilla did eventually patch the vulnerability, the case further reaffirms the need for adequate cryptocurrency storage and security.