Gemini, a crypto exchange and custodian founded by the Winklevoss brothers, suffered a major data breach that resulted in hackers gaining access to nearly 6K lines of information pertaining to Gemini customers’ email addresses and partial phone numbers.
According to an official press release, Gemini customers became the target of a phishing campaign which led to a massive loss of customer email addresses and partial phone numbers. The exchange has alleged the attack was the “result of an incident at a third-party vendor.” However, the crypto platform further clarified that no Gemini account information or systems were impacted and all funds and customer accounts remain secure.
Gemini Suffers Data Leak
After the data leak was found, Gemini went offline briefly but resumed operations soon after. The company did not mention the primary reason for the data breach beyond claiming a third-party failure. It clarified that hackers were unable to gain access to the full phone numbers, as certain numeric digits were obfuscated. Moreover, the leaked database did not include sensitive personal information such as names, addresses and other Know Your Customer (KYC) information.
The Gemini exchange suspected that 5.7 million user information was leaked; official responded that this was the result of a supplier incident, which resulted in the collection of Gemini customers’ email and some phone numbers, please be vigilant against phishing activities.
— Wu Blockchain (@WuBlockchain) December 15, 2022
In the wake of the news, the Gemini product security team issued a warning about ongoing “phishing campaigns” and how to tackle such attacks. Wu Blockchain, a Chinese media outlet, took to Twitter to confirm the news, noting that as many as 5.7 million users were affected. The media house wrote,
“The Gemini exchange suspected that 5.7 million user information was leaked; official responded that this was the result of a supplier incident, which resulted in the collection of Gemini customers’ email and some phone numbers.”
Phishing Scams On the Rise
Phishing is a crypto scam that involves scammers tricking victims into giving up their private keys or personal information. Such attacks are becoming increasingly common across the entire crypto ecosystem.
In July, Uniswap, along with its community, suffered a severe blow as liquidity providers (LPs) of the Uniswap v3 protocol reeled under a major phishing attack that resulted in a loss of over $8.1 million worth of Ethereum (ETH). Earlier this year, Dave Piscitello, a partner at Interisle Consulting Group, said,
“Cryptocurrency phishing has skyrocketed, especially attacks involving wallets and exchanges. Phishers are applying attack techniques that they’ve used against other financials to virtual currencies with great effect.”
1/ Yesterday, some Uniswap LPs unfortunately fell for a phishing scam, a problem far too common in crypto today. To be clear: there was no exploit. The Protocol always was — and remains — secure. Here’s what happened.👇
— Uniswap Labs 🦄 (@Uniswap) July 12, 2022
A report by Immunefi showed scammers stole more than $1 billion in Q1 2022 due to vulnerabilities in blockchain platforms. Between Q1 and Q3 2022, the crypto community lost more than a whopping $2.3 billion to hacks and scams.