Coinbase, a leading cryptocurrency exchange, announced it has suffered a data breach. As the company explained in a blog post, cybercriminals corrupted its customer service agents to exfiltrate the personal data of the exchange's customers. A small subset of customers was affected, Coinbase said. In fact, less than 1% of users who transact monthly on Coinbase were affected by the breach.
Highly sensitive data was breached
The stolen data included name, address, phone number, email address, last 4 digits of Social Security number, partially masked bank account numbers, photos of official documents (license, passport, etc.), account information (balance, history), and internal company documents, such as customer support communications. It's a goldmine for cybercriminals and phishing professionals. However, "no passwords, private keys, or funds were exposed.".
To get their hands on the data, the hackers "bribed and recruited a group of agents overseas to steal Coinbase customer data." Unsurprisingly, Coinbase fired everyone involved in the theft. The exchange has indeed detected unauthorized access to its systems by employees. A complaint has been filed.
The hackers quickly used the data to conduct scams. Many Coinbase customers were tricked into paying cryptocurrency to the criminals. Coinbase is committed to reimbursing all victims. The repayment is expected to be between $180 million and $400 million, according to Coinbase's filings with the Securities and Exchange Commission (SEC).
$20 Million Ransom
After stealing the data, the hackers also contacted Coinbase to demand a $20 million ransom. To force the firm to pay the ransom, the hackers threatened to publish the data online. Despite the threats, Coinbase steadfastly refused to pay the ransom.
Instead of paying the cybercriminals, Coinbase opted to invest in a reward fund. The platform will offer money to anyone who provides information leading to the arrest and conviction of the attackers. For the record, Bybit did this following the cyberattack orchestrated by the Lazarus hackers.
Coinbase states that in "collaboration with industry partners, we have marked the attackers' addresses so that authorities can track and work to recover the assets." The exchange hopes to be able to freeze and recover the funds. While the investigation continues, Coinbase adds that it intends to open a new support center in the United States.
Source: Coinbase
0 Comments