Coincheck is a cryptocurrency wallet and exchange service. On May 31, hackers gained access to its domain registrar account and changed its DNS settings. The company’s domain registrar, Onamae.com, also confirmed the incident.
Japanese security researcher Masafumi Negishi said that the hackers modified the primary DNS entry for Coincheck’s domain. They did this by registering a domain that closely resembled that of Coincheck’s AWS server and then replacing the original awsdns-61.org with awsdns-061.org inside the Onamae.com back end, which let the hackers handle DNS queries for the exchange.
The hackers didn’t use this access to redirect all of the company’s traffic to another site, as such an attack would have been detected immediately. Instead, they impersonated the domain and sent phishing emails to some users, redirecting the email replies to their own servers. Around 200 customers replied to the emails and their personal data – names, addresses, photo IDs – may have been exposed.
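The nameserver swap described above (awsdns-61.org to awsdns-061.org) is the kind of change a check of delegated nameservers against a pinned baseline will flag, even when the website itself keeps working. The following is an added example, not part of the original article or any Coincheck tooling; the function names, host labels and the `.example` zone are constructed, and fetching the live NS set is left to the caller.

```python
"""Flag nameserver delegations that drift from a pinned baseline (added example)."""

def edit_distance(a: str, b: str) -> int:
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def ns_zone(host: str) -> str:
    # Assumption: the NS host sits one label below the DNS provider's domain.
    host = host.rstrip(".").lower()
    return host.split(".", 1)[1] if "." in host else host

def audit_delegation(observed, baseline, max_distance=2):
    """Return (host, verdict, nearest_pinned_zone) for every NS not in the baseline."""
    trusted_hosts = {h.rstrip(".").lower() for h in baseline}
    trusted_zones = sorted({ns_zone(h) for h in baseline})
    findings = []
    for host in observed:
        norm = host.rstrip(".").lower()
        if norm in trusted_hosts:
            continue  # exact match with the pinned delegation
        zone = ns_zone(norm)
        nearest = min(trusted_zones, key=lambda z: edit_distance(zone, z))
        dist = edit_distance(zone, nearest)
        if dist == 0:
            verdict = "unknown-host-in-trusted-zone"
        elif dist <= max_distance:
            verdict = "lookalike-zone"  # e.g. one inserted character
        else:
            verdict = "unexpected-zone"
        findings.append((norm, verdict, nearest))
    return findings

# Constructed sample data: host labels and the .example zone are made up;
# only awsdns-61.org and awsdns-061.org come from the article.
BASELINE = ["ns-0000.awsdns-61.org.", "ns-0001.awsdns-00.example."]
OBSERVED = ["ns-0000.awsdns-061.org.", "ns-0001.awsdns-00.example."]

if __name__ == "__main__":
    for host, verdict, nearest in audit_delegation(OBSERVED, BASELINE):
        print(f"ALERT {verdict}: {host} (closest pinned zone: {nearest})")
```

Any non-empty result is worth an alert; the `lookalike-zone` verdict only helps triage by showing that the new nameserver imitates a pinned one.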
Coincheck said that no funds have been lost so far. It has suspended cryptocurrency payments until Onamae is done with its investigation. Other services, such as fiat deposits and withdrawals and crypto trading, are operational. It has also temporarily moved customer support from coincheck.com to an address linked to coincheck.jp.
Coincheck was also hit in January 2018, when it lost over 500 million NEM tokens (worth more than $500M then). It was speculated to be the biggest crypto theft of all time.