CoinGecko has confirmed a severe data breach at its third-party email provider, GetResponse. The breach, which occurred on June 5 due to a compromised employee account, allowed attackers to export contact information of over 1.9 million CoinGecko users. This was confirmed by CoinGecko on June 7. The stolen data includes names, email addresses, IP addresses, and metadata such as sign-up dates and subscription plans. However, CoinGecko assures that user accounts and passwords remain secure.

In a worrying development, the attackers sent 23,723 phishing emails from another GetResponse client’s account. These phishing attempts aim to steal sensitive information like crypto wallet private keys and trick users into sending funds to fraudulent addresses. Hakan Unal, senior blockchain scientist at Cyvers, advises users to verify the authenticity of emails and enable two-factor authentication (2FA) on all crypto platforms to protect themselves.

Private key and data leaks continue to be the main cause of crypto-related hacks. According to Merkle Science’s HackHub report, over 55% of hacked digital assets in 2023 were due to private key leaks. Mriganka Pattnaik, CEO of Merkle Science, notes that hackers are increasingly targeting easier vulnerabilities like private key theft.

Users are urged to stay vigilant and adopt robust security measures to safeguard their crypto assets. The rise in private key leaks underscores the need for enhanced security practices in the crypto space. By implementing strong authentication methods and remaining cautious of suspicious emails, users can better protect themselves against such threats.