It has come to our attention that several Coinigy users’ e-mail accounts have come under attack after last week’s security lapse. We decided to put up a blog post outlining some of the methods these attackers are using and suggesting a few ways to help secure your accounts.
- Use strong, unique passwords across every site, e-mail account, and exchange. The initial vector of this attack was a compromised e-mail address that used a similar password to one that was released during the recent LinkedIn security breach. Make sure that all of your accounts use different strong passwords, and we suggest using a password manager with strong encryption.
- Two-Factor Authentication is a must. We absolutely recommend enabling 2FA not only on your Coinigy account, but also on your e-mail accounts and any exchange accounts you may have. There is one thing to note, however: these attackers are highly skilled and have been known to resort to social engineering methods to get around 2FA. Take care of any 2FA methods and make sure they do not get out of your hands at any time.
- Do not, under any circumstances, provide your login credentials to any staff member of Coinigy or purported staff member. We will never ask you for your password or 2FA passcode, whether through support tickets or any other means.
- If you suspect that your account(s) have been compromised, immediately change your password and verify your IP logs, which are available under Settings > Activity Logs. If you notice any foreign IPs, please contact Coinigy Support immediately and we will do everything in our power to rectify the situation.
Many users have been asking for an update with regard to the “Freeze” we have put on trading through Coinigy. This freeze was enacted temporarily because several users had reported that their accounts had been compromised due to third-party vectors and/or common passwords. Rather than give these attackers further steam, we decided to suspend trading and do a full security audit.
We are currently undergoing an audit as well as building in additional security features (such as requiring 2FA for trading, additional account verification measures, and attack detection) to help prevent attacks like this in the future. We expect to be able to re-enable trading by November 1st, though it may be sooner than that. We are also implementing a new e-mail change methodology. We thank you for your continued patience and, as mentioned in our last post, we will be working on a comprehensive plan to compensate users for the downtime and inability to trade.
Please feel free to reach out about anything at all, and thank you for your continued support.