Summary:
- Coinbase experienced a cyber attack where criminals bribed and recruited support workers to steal customer data.
- The attackers obtained sensitive information but did not access login credentials or private keys.
- Coinbase is working with law enforcement, terminated involved personnel, and is offering a reward for information leading to an arrest.
Article:
Coinbase Cyber Attack: Criminals Bribed Support Workers to Steal Customer Data
Recently, Coinbase disclosed that cyber criminals managed to infiltrate their system by bribing and recruiting support workers. This led to the theft of sensitive customer data, including names, addresses, phone numbers, government IDs images, account data, and partial social security numbers. Despite this breach, the attackers did not gain access to login credentials, 2FA codes, or private keys, preventing them from entering any Coinbase accounts or wallets.
Response and Investigation
Upon receiving an email from a threat actor demanding $20 million in exchange for not exposing certain Coinbase account information, the crypto exchange refused to comply. Instead, they are working closely with law enforcement to investigate the incident and have terminated the personnel involved in the breach. Coinbase has vowed to press criminal charges and is prepared to spend $180 million to $400 million to repay impacted customers.
Protecting Against Scammers
As a precaution, Coinbase warns users to be wary of potential scammers posing as company employees. They emphasize that Coinbase will never request passwords, 2FA codes, or ask users to transfer assets to a specific address, account, vault, or wallet. To encourage cooperation in apprehending the perpetrators, Coinbase is offering a $20 million reward to anyone who provides information leading to an arrest.
Stay vigilant and cautious when dealing with financial transactions online, and remember to report any suspicious activity to Coinbase immediately.
