The Gemini cryptocurrency exchange has warned its customers that they may be the target of email phishing attacks. Gemini said that an unnamed third-party vendor suffered a breach.
Gemini said that none of its own systems were affected by the breach.
“Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor,” Gemini said in a news release from the Product Security Team. “This incident led to the collection of Gemini customer email addresses and partial phone numbers. No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.”
Gemini provided tips to its customers on how to avoid becoming a victim of this phishing campaign or future ones. It recommended that users change the email address they have on file with the company and use two-factor authentication.
The Security Team provided detailed steps on how to change the email address for a Gemini account, as well as how to set up 2FA and/or use a hardware security key such as a YubiKey or Google Titan Key.
“We do not recommend that you rely on the secrecy of an email address as a substitute for strong authentication methods,” the release said. “Online scams are common, particularly in the crypto industry, and we highly recommend using two-factor authentication (2FA) and/or hardware security keys to protect your Gemini account.”
According to reports, threat actors attempted in September to sell data on a hacker forum related to nearly 6 million Gemini customers, including email addresses and phone numbers. The threat actors allegedly tried to sell this data for over $500,000.
There is no information to confirm any transaction took place.
In the FBI’s 2020 Internet Crime Report, phishing scams were the No. 1 cybercrime. The FBI stated that phishing scams represented 241,342 of the complaints, with adjusted losses of over $54 million.