Recommended reading

Personal information leaked in Coinbase cyberattack, cost could be $400 million

News
By published

Hackers bribed Coinbase employees to obtain the data

Bitcoin
  • Coinbase confirmed suffering a cyberattack recently
  • The attack started when crooks bribed the company's employees overseas
  • Passwords, and user funds, were not affected

Coinbase, one of the biggest centralized cryptocurrency exchanges in the world, suffered a cyberattack which might cost it between $180 million and $400 million. This is according to Reuters, citing a regulatory filing submitted by the company earlier this week.

The exchange said that on May 11, it received an email from an unknown threat actor who claimed they obtained internal documents, and sensitive data about certain customer accounts. Coinbase later confirmed these claims, saying that only a “small subset” of customers were affected.

The data stolen doesn’t include login credentials or passwords, but Coinbase did say it would reimburse anyone who gave their money to the attackers. To obtain the files, the criminals allegedly paid “multiple contractors and employees” who were working in support roles outside the US.

TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!

TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!

New users can take advantage of RoboForm’s exclusive deal and get 60% off the Premium Plan. With this deal, you can get unlimited password storage, one-click login & autofill, password sharing, two-factor authentication for added protection, cloud backup, and emergency access for trusted contacts. To claim this deal, visit this link and sign up for the Premium Plan to lock in this huge discount.

Preferred partner (What does this mean?)

View Deal

Demanding ransom

The individuals involved were identified and subsequently fired. There is no information on possible legal action against them.

The attackers demanded a ransom of $20 million in exchange for the data, which Coinbase refused to pay. Instead, it is now offering that exact amount of money - $20 million - as a bounty to anyone who comes forward with actionable information regarding the hackers’ identities or whereabouts.

Crypto is in a difficult position right now, trying to establish itself as a legitimate industry, while being surrounded by theft, scams, crime, and regulatory pressure. Just a few months ago, ByBit - another major cryptocurrency exchange - was hacked, with North Korean cybercriminals walking away with $1.5 billion in different tokens.

Earlier this May, Alex Mashinsky, the former CEO of the bankrupt crypto bank, Celsius Network, was sentenced to 12 years in prison after pleading guilty to securities fraud and commodities fraud, and recently - in broad daylight - three individuals tried to kidnap the daughter of a crypto exchange CEO.

At the same time, Reuters is reporting that the SEC took the opportunity to investigate if Coinbase misstated user figures and if it has inadequate KYC practices. Coinbase denied the probing, though.

Via Reuters

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.