A note on the security and the recent incident

Shubham Yadav
Published in coindelta
Dec 17, 2017

On Dec 16, a user account was compromised and funds were stolen from his Coindelta account. We investigated this and found the following series of events.

How it happened

A few days before this incident happened, a fake application using the name of an international exchange got access to the user's email accounts. It is possible that the user installed an application on his mobile and then gave it access to his emails through permissions.

The fake application could read, send, delete and manage his emails without his consent. On the morning of Dec 16, the application owner got access to his Coindelta account using the email OTP and a saved password.

How could it be prevented

A fake application can have access to your emails and SMS. To avoid this, the following security measures must be taken:

  1. Do not install any application which comes from an unauthorized source.
  2. Do not click any scam/fake link. A hacker may try to lure you by offering financial incentives for clicking the link. This is a very common strategy to steal your personal identity.
  3. Enable 2FA using Google Authenticator on your email accounts as well as your Coindelta account.
  4. Do not store your Coindelta password in any of your emails or SMS.
  5. Use a strong password.

User security is our topmost priority, and we will also be taking a few steps in the coming weeks to increase the security of the account and the platform.

We also strongly advise enabling 2FA using Google Authenticator.

Best,

Shubham
