Coinbase revealed it is suffering from data breaches affecting less than 1% of active monthly users, according to a May 15 statement.
Following Huck, exchange CEO Brian Armstrong said the perpetrator tried to force $20 million in Bitcoin.
How Coinbase was broken
According to the exchange, threat actors recruited and fed a group of overseas support agents with access to internal systems.
These insiders leaked sensitive data, allowing threat actors to impersonate Coinbase staff and carry out social engineering scams.
The compromised data included name, contact details, identification and masked bank and social security information, according to the company.
However, Coinbase emphasized that the core infrastructure, including user login credentials, private keys, and prime wallets, remains secure.
Meanwhile, the company vowed to terminate the compromised insiders and pursue legal action against them. They also work with law enforcement to investigate violations.
Coinbase has also announced that it will compensate affected users.
The attacker attempted to force $20 million from the company following the violation. However, Coinbase rejected the demand and stated:
“We will not pay the $20 million ransom demand we received. Instead, we are establishing a $20 million compensation fund for information that will lead to the arrest and conviction of those responsible for this attack.”
Zachxbt connection
Coinbase has not confirmed the direct link, but blockchain investigator Zachxbt noted that the violation coincided with previous social engineering attacks he reported.
In response to Coinbase’s announcement, Zachxbt stated:
“It’s true, there are a lot of Coinbase user thefts I’ve posted.”
Over the past few months, ZachxBT details how Coinbase users collectively lost hundreds of millions of dollars to elaborate their phishing and spoofing tactics. He estimated that such fraud costs more than $300 million exchange users each year.
However, WinterMute CEO Evgeny Gaevoy believed that the current strict regulatory framework allowed these attacks to flourish.
According to him:
“This is the dark side of the ridiculous, meaningless KYC/AML regime we live in. Life is slightly more convenient for law enforcement and geopolitical games, sacrificing privacy, leans large taxes on almost every business, making criminals robbing, lureing, and making crime easier.”