
Coinbase Data Breach Exposes Customer Info and Government IDs

Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed a significant data breach affecting 69,461 individuals. The breach, which involved cybercriminals working with rogue support agents, led to the theft of customer data and internal documentation. The attackers accessed this data with the help of overseas contractors and support staff who misused their system access. Coinbase confirmed that no customer passwords, private keys, or funds were compromised, but sensitive personal information was exposed.


Details of Stolen Data

The stolen data includes names, addresses, phone numbers, email addresses, masked Social Security numbers, bank account details, and images of government IDs such as driver’s licenses and passports. Account information, including transaction history and balance snapshots, was also taken. While no passwords or private keys were accessed, this data can be used for social engineering attacks, where attackers pose as legitimate sources to deceive customers into transferring funds.


Attack Method and Insider Involvement

The breach occurred when a small group of overseas support staff, who were paid by the attackers to access internal systems, improperly accessed and stole customer data. Coinbase detected the activity and terminated the staff members involved. By then the data had already been exfiltrated, and the attackers used it in social engineering schemes that attempted to manipulate customers into sending funds.


Ransom Demand and Coinbase’s Response

After obtaining the stolen data, the attackers contacted Coinbase on May 11 and demanded a $20 million ransom in exchange for not releasing it. Coinbase refused to pay and instead established a $20 million reward fund for information leading to the arrest and conviction of the perpetrators. The company has also committed to reimbursing customers who were tricked into transferring funds to the attackers.


Financial Impact and Customer Reimbursement

Coinbase estimates the breach could lead to expenses between $180 million and $400 million for remediation, including customer reimbursements. Although the full financial impact remains uncertain, Coinbase has vowed to reimburse customers who sent funds to the attackers after being deceived in follow-up social engineering attacks. The company is also implementing improved insider-threat detection and automated threat response systems to prevent future breaches.
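The article only mentions that insider-threat detection is being improved. The following is an added illustration, not Coinbase's code, of one signal such detection typically relies on: a support agent touching far more distinct customer records in a short window than their peers. The log format, agent identifiers, customer identifiers and thresholds are all constructed for this example.

```python
"""
Added example (not from the article or from Coinbase): a minimal
insider-threat detector for support-tool access logs.  It computes, per
agent, the peak number of distinct customer records touched within a
sliding time window and flags agents who exceed an absolute limit or sit
far above the peer median.  All data, field names and thresholds below
are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample log lines (not real data), one event per line:
# "<ISO-8601 timestamp> <agent_id> <action> <customer_id>"
SAMPLE_LOG = [
    "2025-05-11T09:00:12Z agent-17 view_profile cust-10001",
    "2025-05-11T09:03:40Z agent-17 view_profile cust-10002",
    "2025-05-11T09:41:09Z agent-17 view_profile cust-10001",
    "2025-05-11T09:10:05Z agent-22 view_profile cust-20001",
    "2025-05-11T09:11:30Z agent-22 view_profile cust-20002",
    "2025-05-11T09:12:02Z agent-22 view_profile cust-20003",
    "2025-05-11T10:05:00Z agent-22 view_profile cust-20004",
] + [
    # agent-31 walks through 40 distinct customer records in about 20 minutes,
    # which is the pattern a bulk-exfiltration insider would leave behind.
    f"2025-05-11T09:{15 + i // 2:02d}:{(i % 2) * 30:02d}Z agent-31 view_profile cust-{30001 + i}"
    for i in range(40)
]


def parse_event(line):
    """Split one log line into (timestamp, agent, action, customer)."""
    ts, agent, action, customer = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), agent, action, customer


def peak_distinct_customers(lines, window=timedelta(minutes=60)):
    """For each agent, the largest number of distinct customer records
    touched within any window of the given length ending at one of the
    agent's own events."""
    events = defaultdict(list)
    for line in lines:
        ts, agent, _action, customer = parse_event(line)
        events[agent].append((ts, customer))

    peaks = {}
    for agent, evs in events.items():
        evs.sort()
        best = 0
        for i, (ts_end, _) in enumerate(evs):
            window_start = ts_end - window
            seen = {c for ts, c in evs[: i + 1] if ts >= window_start}
            best = max(best, len(seen))
        peaks[agent] = best
    return peaks


def flag_anomalous_agents(lines, window=timedelta(minutes=60),
                          hard_limit=25, peer_multiplier=5):
    """Return {agent: [reasons]} for agents whose peak exceeds an absolute
    limit or is more than peer_multiplier times the peer median.
    Both thresholds are illustrative assumptions, not Coinbase's values."""
    peaks = peak_distinct_customers(lines, window)
    baseline = median(peaks.values()) if peaks else 0
    flagged = {}
    for agent, peak in peaks.items():
        reasons = []
        if peak > hard_limit:
            reasons.append(f"peak {peak} exceeds hard limit {hard_limit}")
        if baseline and peak > peer_multiplier * baseline:
            reasons.append(f"peak {peak} exceeds {peer_multiplier}x peer median {baseline}")
        if reasons:
            flagged[agent] = reasons
    return flagged


if __name__ == "__main__":
    for agent, reasons in flag_anomalous_agents(SAMPLE_LOG).items():
        print(agent, "->", "; ".join(reasons))
```

Two thresholds are used on purpose: the absolute limit catches an agent who is the only one on shift, where a peer comparison has nothing to compare against, and the peer multiplier catches an agent whose volume is normal in absolute terms but abnormal for the team. In practice the result would feed the automated response the article alludes to, such as suspending the agent's session and requiring a supervisor review before access is restored.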


Customer Protection Measures

Coinbase advises customers to be cautious of scammers impersonating Coinbase employees, stressing that Coinbase will never request sensitive information over the phone. To protect their accounts, customers are encouraged to enable two-factor authentication (2FA) and withdrawal allow-listing, which helps prevent unauthorized transfers. Coinbase further emphasized that these measures are crucial to safeguard against similar social engineering schemes.
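To make concrete why withdrawal allow-listing blunts the social engineering described above, here is an added example (not Coinbase's code or policy) of how an exchange might enforce such a control. The hold period for newly added addresses, the account structure and the function names are assumptions for this illustration; the point is that even a customer who has been talked into completing a second-factor prompt cannot send funds to an address the attacker supplied moments ago.

```python
"""
Added example (not from the article or from Coinbase): a withdrawal
authorization check that combines a second factor with a destination
allow-list.  New addresses sit in a hold period before they become usable,
so a freshly added attacker address cannot receive funds immediately.
The 48-hour hold and all other values are illustrative assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

ALLOWLIST_HOLD = timedelta(hours=48)  # assumed cool-down for a newly added address


@dataclass
class Account:
    # destination address -> time it was added to the allow-list
    allowlist: dict = field(default_factory=dict)
    allowlist_enabled: bool = True


def add_allowlisted_address(account, address, now):
    """Record a new destination; it only becomes usable after ALLOWLIST_HOLD."""
    account.allowlist[address] = now


def authorize_withdrawal(account, destination, otp_verified, now):
    """Return (allowed, reason) for a withdrawal request.

    Order matters: the second factor is checked first so that an attacker
    who has only the password gets no information about the allow-list,
    and the allow-list is checked after it so that a coerced OTP alone is
    still not enough to reach an unlisted address.
    """
    if not otp_verified:
        return False, "second factor not verified"
    if account.allowlist_enabled:
        added = account.allowlist.get(destination)
        if added is None:
            return False, "destination not on withdrawal allow-list"
        if now - added < ALLOWLIST_HOLD:
            remaining = ALLOWLIST_HOLD - (now - added)
            return False, f"destination in hold period, {remaining} remaining"
    return True, "ok"


def demo():
    """Walk through the social engineering scenario; returns the decisions."""
    t0 = datetime(2025, 5, 11, 12, 0, 0)
    account = Account()
    # Constructed addresses, not real ones.
    own_wallet = "bc1q-constructed-customer-address"
    attacker = "bc1q-constructed-attacker-address"
    add_allowlisted_address(account, own_wallet, t0 - timedelta(days=30))

    decisions = {}
    # 1. Attacker talks the customer through an OTP prompt but the
    #    destination they supply is not allow-listed.
    decisions["unlisted"] = authorize_withdrawal(account, attacker, True, t0)
    # 2. Attacker convinces the customer to add the address; the hold
    #    period still blocks the transfer.
    add_allowlisted_address(account, attacker, t0)
    decisions["held"] = authorize_withdrawal(account, attacker, True, t0 + timedelta(hours=1))
    # 3. Transfer to the customer's long-standing address with 2FA succeeds.
    decisions["legit"] = authorize_withdrawal(account, own_wallet, True, t0)
    # 4. Same legitimate address without the second factor is refused.
    decisions["no_otp"] = authorize_withdrawal(account, own_wallet, False, t0)
    return decisions


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:8s} allowed={allowed} reason={reason}")
```

The hold period is what turns the allow-list from a speed bump into a real control: it gives the customer, and the exchange's own monitoring, time to notice an unexpected new address before it can be used, which is exactly the window a phone-based scam tries to deny the victim.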


How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI v2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for the hiring and retention of military veterans.

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact


Copyright © Netizen Corporation. All Rights Reserved.