Apparently, the attackers sent spear-phishing emails to the cryptocurrency exchange’s personnel to lure them to a website designed to automatically download and run an info-stealer if it’s loaded on Firefox. The malware they used worked on both Mac and Windows and could collect passwords and other data. A Google Project Zero researcher reported the first bug’s existence to Mozilla in April, but the browser-maker didn’t patch it up until after the Coinbase security team reported attacks on the company’s system using the two vulnerabilities.

It’s still unclear how the attackers knew about the bugs to create attacks meant to exploit them. And while Coinbase didn’t find evidence of exploitation targeting customers, Firefox users may still want to update their browsers, especially now that the flaws are public knowledge.