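Regarding the Coincheck incident: multiple fake domains closely resembling the Amazon Route 53 domains originally registered in the NS records were registered the day before, on 5/29. After that, on 5/30, the NS records appear to have been rewritten at Onamae.com (お名前.com).
(Example) real awsdns-61[.]org → fake awsdns-061[.]org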
The Japanese exchange uses Amazon's DNS service, and the hackers reportedly changed the name server setting in the Onamae.com back end from awsdns-61.org to awsdns-061.org. The tampering allowed them to gain access to the Coincheck portal at Onamae.com. The hackers smartly opted not to migrate the whole traffic to their new address, as that would have instantly alarmed the exchange.
Instead, they sent emails to the exchange's clients asking them to verify their details and accounts, and the users' replies were directed to the Coincheck clone the hackers had created. Almost 200 responses are believed to have been received. The hackers presented themselves as the exchange's staff to gather the users' details and use them at a later date.
The exchange ultimately detected the hack when it noticed abnormal traffic, and decided to stop its remittance operations while other operations such as withdrawals carried on as intended. The hackers had access to the domain until 1 June, after which Coincheck regained control. The company states that it is not aware of the hackers having used any of the information to steal funds yet.
Coincheck is not new to such hijacking: it was looted of $500 million in January 2018, in what is considered the biggest crypto heist.
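A defender-side check for the record change described above, as an added example that is not part of the original article: it compares the name servers currently delegated for a zone against a known-good baseline and separates near-copies such as awsdns-061.org from unrelated changes. The host labels, the second baseline name server and the 0.9 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data: only awsdns-61.org / awsdns-061.org come from the article;
# the host labels and the .com name server are made up for illustration.
BASELINE = ["ns-1515.awsdns-61.org", "ns-100.awsdns-12.com"]
OBSERVED = ["ns-1515.awsdns-061.org", "ns-100.awsdns-12.com", "ns1.example.net"]

def registrable(host):
    """Last two labels of a name server host (simplification: not public-suffix aware)."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def skeleton(domain):
    """Collapse cosmetic differences: leading zeros in digit runs and hyphens."""
    return re.sub(r"0*(\d+)", r"\1", domain).replace("-", "")

def audit_ns(baseline, observed, threshold=0.9):
    """Return (host, verdict, closest trusted domain) for every observed NS host."""
    trusted = {registrable(h) for h in baseline}
    findings = []
    for host in observed:
        dom = registrable(host)
        if dom in trusted:
            findings.append((host, "ok", dom))
            continue
        # Not in the baseline: score it against each trusted domain to tell a
        # near-copy (likely deliberate spoof) from an unrelated change.
        score, best = max(
            (SequenceMatcher(None, skeleton(t), skeleton(dom)).ratio(), t) for t in trusted
        )
        verdict = "lookalike" if score >= threshold else "unexpected"
        findings.append((host, verdict, best))
    return findings

if __name__ == "__main__":
    for host, verdict, ref in audit_ns(BASELINE, OBSERVED):
        print(f"{verdict:10} {host} (closest trusted: {ref})")
```

Feed `observed` from the delegation returned by the parent zone rather than from the zone's own servers, since the change in this incident was made at the registrar.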