Ed Drake

Coinbase hacking attempt leads to discovery of Firefox bug

Hackers are taking full advantage of a “zero-day” exploit in Mozilla’s Firefox browser, in the latest scam to target cryptocurrency owners online, ZDNet first reported.

According to a warning issued by the firm Wednesday, fraudsters have been exploiting a so-called “type confusion vulnerability” which arises from interactions with JavaScript objects, and can be used to target unsuspecting cryptocurrency users.

In its latest patch note, Mozilla said they were aware of the exploit being used to scam cryptocurrency users in targeted attacks: “This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.”

Security researcher Samuel Groß is widely credited with discovering the vulnerability, which was brought to Mozilla’s attention back in early April.

However, the first security patch was only released in the last week, leaving over two months during which crypto users could have been scammed via a targeted crash attack.

Groß told ZDNet that hackers can use the vulnerability for “Remote Control Execution,” effectively giving them full control over a user’s system. In particular, the attacks seem to have focused on users of the Coinbase cryptocurrency exchange.

“However, most likely it can be exploited for [Universal Cross-Site Scripting (UXSS) attacks] which might be enough depending on the attacker’s goals,” the security expert said.

These types of attacks are often associated with the loss of sensitive data, such as usernames, passwords and bank account details.

While there are limited details available about the exact nature of the attacks or the number of victims affected by them, Mozilla has now taken action to keep other users from unwittingly falling victim. On its website, Mozilla urged users to make sure they update their browser with the latest security patch as soon as they can.

The hack is the latest example of cybercriminals targeting the cryptocurrency sector, in this case presumably with a view to stealing Coinbase logins and, consequently, victims’ crypto balances.

While Mozilla did eventually patch the vulnerability, the case reaffirms the need for adequate cryptocurrency storage and security.
