Coinbase has just shared with the general public that it is under attack. A group of insiders allegedly stole the data of less than 1% of users and also facilitated social engineering attacks. The crypto-exchange has established a reward fund of 20 million dollars to succeed in convicting the cybercriminals.
Coinbase under attack: insiders steal data of 1% of the crypto platform’s clients
Coinbase, the crypto company listed on Nasdaq, has just announced that it is under attack, sharing everything it is experiencing.
“Cybercriminals have corrupted and recruited dishonest support agents abroad to extract personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts were not touched. We will reimburse affected customers. More information here:”
In practice, it seems that cybercriminals have corrupted and recruited a group of rogue support agents overseas at Coinbase, to steal customer data and facilitate social engineering attacks.
Specifically, the insiders copied data such as name, address, phone, and email, but also the masked social security (only the last 4 digits), masked bank account numbers and some bank account identifiers. Not only that, there were also thefts of identity document images, account data such as balance snapshots and transaction history, and limited business data.
This is a number of victims that represents less than 1% of the users who make monthly transactions with Coinbase.
Coinbase under attack: the ransom demand of 20 million dollars
The ultimate goal of this data theft would have led the cybercriminals to contact the victims, pretending to be Coinbase, to convince them to hand over their crypto.
In this regard, Coinbase has already stated that it will reimburse customers who were tricked into sending funds to the hacker, due to social engineering attacks.
Not only that, Coinbase would have also received extortion threats, with the demand for a ransom of 20 million dollars to cover everything.
The crypto platform tells everything on the web, and claims to have refused to give in to the demands of the criminals, but instead, Coinbase has established a reward fund of 20 million dollars, to succeed in convicting them.
In fact, the crypto platform has invited customers to collaborate if they have information about it, and it has also engaged industry partners ready to track down the hackers’ addresses and recover any stolen funds. The law enforcement agencies are involved as well, while the identified insiders, after being dismissed, will face a criminal complaint.
On the other hand, Coinbase specifies that the insiders were not able to steal any access credentials or 2FA codes, private keys, and any ability to move or access customer funds.
In practice, the hackers would have no access to the accounts of Coinbase Prime, and to any wallet (hot or cold) of Coinbase customers.
“`html
The entry into the S&P 500
“`
The news of the attack on Coinbase comes just a few days after the announcement of its official entry into the S&P 500, the benchmark index of the US stock market.
Coinbase will take the place of Discover Financial Services. This change will come into effect with the opening of the markets on May 19.
From that day, the price of Coinbase shares has increased by 28%, with COIN now valued at $263.