Coinbase under attack and cookie theft

Coinbase was attacked using Firefox 0-days (previously unknown security flaws in Firefox) to steal browser session tokens, which are credentials stored in browser data files that let attackers access cloud services like Gmail without needing passwords. The attackers specifically targeted these token files through direct access to browser datastores (the storage locations where browsers save data), which is unusual behavior that could be detected by monitoring which processes access these files.