Independent crypto data aggregator CoinGecko has confirmed that it experienced a data breach on June 5, 2024, through its third-party email platform, GetResponse.
The company has provided a transparent account of the incident, detailing the steps taken to address the issue and advising users on how to protect themselves.
The data breach occurred when an attacker compromised a GetResponse employee’s account, allowing them to export 1,916,596 contacts from CoinGecko’s GetResponse account. The attacker then sent phishing emails to 23,723 email addresses from another GetResponse client’s account (alj.associates). CoinGecko’s security team detected the unusual activity and worked with GetResponse to block further email delivery.
Crypto Briefing previously reported on June 5 that several crypto firms were being targeted by a potential email vendor breach, based on a public disclosure from Tether CEO Paolo Ardoino. CoinGecko co-founder and COO Bobby Ong corroborated the disclosure and said that email blasts of fake token launches were being sent to mailing lists connected to crypto firms. Ong also advised the crypto community to exercise caution when engaging with crypto newsletters.
Details of the breach
Personal information compromised in the incident included users’ names (if provided during sign-up), email addresses, IP addresses, locations of email opens, and other metadata such as account sign-up dates and subscription plans. However, CoinGecko user accounts remain secure, and no passwords were compromised.
CoinGecko has directly notified affected users via email and is actively investigating the situation with GetResponse. The company is also reviewing its security procedures and aims to enhance its security protocols in collaboration with its vendors.
To protect themselves, users are advised to remain vigilant and exercise caution when opening emails, as there may be an increase in phishing or spam emails. CoinGecko has emphasized that it is not the only crypto company impacted by this organized, targeted attack.
Users should be cautious of emails from unfamiliar or misleading domains, avoid clicking on links or downloading attachments from unsolicited sources, and be wary of emails claiming to offer token airdrops. CoinGecko has clarified that any email claiming to offer token airdrops by CoinGecko or GeckoTerminal is unauthorized and sent by the attacker, as the company does not have any officially issued coins or tokens.