Gemini Discloses Third-Party Incidents Resulting in Phishing Scam Targeting UK and European Users
Gemini, the popular cryptocurrency exchange, has disclosed incidents of a phishing campaign targeting users in the UK and Europe. The scam involved emails and websites that mimicked the Gemini branding, which the company believes were the result of two third-party vendor incidents. While no account information or systems were affected, the scammers obtained the names, email addresses, and partial phone numbers of certain customers. Gemini says that the second incident involved “bad actors” who tricked employees of a third-party vendor into providing login credentials to access customer information. The exchange notes that these incidents may be part of a broader attack on crypto platforms and has informed the UK Information Commissioner’s Office and the Irish Data Protection Commissioner.
Third-Party Incidents
According to a client email seen by The Block, the phishing campaign was attributed to a third party. Gemini said that it was aware of two incidents where bad actors obtained customer information from two third-party vendors that the exchange uses. The first incident was previously mentioned by the firm, while the second incident occurred last fall. Gemini assured its clients that all customer accounts remained secure and no account information or systems were impacted.
Broader Attack on Crypto Platforms
Gemini believes that the incidents may be part of a larger attack on crypto platforms by a group of bad actors. The company did not immediately respond to requests for comment from The Block. However, the UK Information Commissioner’s Office and the Irish Data Protection Commissioner have been notified of the phishing scam targeting Gemini’s UK and European users.
Source: The Block