Frank Chaparro, Director of Special Projects at The Block, recently interviewed Coinbase Chief Information Security Officer (CISO) Jeff Lunglhofer for Episode 47 of Season 6 of The Scoop podcast.
Lunglhofer offered a comprehensive look into the various strategies and practices Coinbase employs to protect its users and their assets while also shedding light on the sophisticated tactics used by malicious actors to exploit vulnerabilities.
The Dual Role of Custody and Education
Lunglhofer began by emphasizing the dual nature of Coinbase’s security mission: safeguarding customer assets and educating users. He stressed that Coinbase prides itself on being the most trusted name in crypto, a reputation that requires relentless effort. A significant part of this effort involves helping customers understand and avoid scams.
He noted that one of the most common tactics used by scammers is social engineering, where they impersonate legitimate entities, such as Coinbase, to extract sensitive information from users. These scammers are often well-prepared, possessing detailed information about their targets, gathered from various data breaches across the internet. This makes their impersonations highly convincing.
Understanding Combo Lists and Data Breaches
Lunglhofer explained the concept of “combo lists,” which are compilations of personal information from multiple data breaches. These lists are used by scammers to create detailed profiles of their targets. This information can include names, email addresses, phone numbers, and even transaction histories. The scammers then use this data to convincingly pose as representatives from legitimate organizations, making it difficult for individuals to distinguish between real and fraudulent communications.
The Sophistication of Scammer Operations
The conversation highlighted the organizational and operational sophistication of these malicious groups. These are not isolated individuals but well-coordinated groups that understand the nuances of financial platforms, including crypto exchanges like Coinbase. They use this knowledge to meticulously craft their scams, making them highly effective.
Lunglhofer provided an example of a scam where a fraudster contacts a user, pretending to be from Coinbase, and convinces the user to transfer their assets to a supposedly secure wallet, which the scammer actually controls. He emphasized that once assets are moved off Coinbase’s platform, the company’s security measures no longer protect them, leaving users vulnerable.
Preventive Measures and Best Practices
One of the key pieces of advice Lunglhofer offered was to always independently verify any communication from a financial institution. He recommended hanging up on unsolicited calls and contacting the institution directly using official contact methods, such as the phone number on the back of a credit card or through the institution’s official website.
He also discussed the importance of using strong multi-factor authentication (MFA) methods. While SMS-based MFA is better than nothing, it is not very secure. Instead, Lunglhofer advocated for the use of physical security tokens, which provide a much higher level of security because they cannot be easily phished or intercepted.
Coinbase’s Internal Security Practices
Internally, Coinbase employs robust security measures to protect against social engineering attacks. For instance, after noticing a wave of attacks leveraging a technique called “push fatigue,” where attackers bombard users with MFA requests until they give in, Coinbase mandated the use of physical security tokens for its employees.
Looking Ahead: The Future of Crypto Security
Lunglhofer noted that the future of crypto security will likely involve addressing on-chain security issues. As the crypto ecosystem is highly dynamic and open, it presents unique challenges compared to traditional financial systems. Issues such as smart contract vulnerabilities, bridge compromises, and the rapid evolution of blockchain technology will require continuous vigilance.