Coinbase Data Breach: Insiders Bribed in Crypto Hack
Cryptocurrency exchange Coinbase reports that cyber criminals “bribed and recruited” support staff to facilitate the theft of customer data and subsequently deceive users into transferring funds to the attackers. This Coinbase data breach resulted in unauthorized access to names, addresses, phone numbers, governmental identification images, account details, and partial social security numbers belonging to a “small subset of users,” according to a company blog post.
Details of the Security Incident
In a filing submitted to the Securities and Exchange Commission (SEC), the crypto exchange stated that on May 11th it received an email from a malicious actor claiming to possess sensitive information regarding certain Coinbase accounts. The perpetrator demanded $20 million in exchange for not releasing the information publicly, a demand that Coinbase rejected.
Legal and Company Response
- Coinbase is actively collaborating with law enforcement agencies to thoroughly investigate this security incident.
- The company has “immediately terminated the personnel involved” in the unauthorized activity.
- Coinbase intends to “press criminal charges” against those responsible.
Data Security and User Impact
The cryptocurrency exchange emphasized that login credentials, two-factor authentication (2FA) codes, and private keys were not compromised, and that the attackers were unable to gain access to any Coinbase accounts or wallets. Coinbase anticipates potential expenditures ranging from $180 million to $400 million to compensate affected customers. Furthermore, a reward of $20 million is being offered for information leading to the apprehension of the individuals responsible.
Protecting Yourself from Scams
“Scammers—whether associated with this event or not—may impersonate Coinbase employees in an attempt to coerce you into moving your holdings,” the company warns in its blog post. “Please remember that Coinbase will never request your password, 2FA codes, or ask you to transfer assets to a specific or new address, account, vault, or wallet.”