Coinbase received an extortionary email asking for $20 million in ransom from hackers who said they had obtained private user data.
The cryptocurrency exchange platform said a May 11 message demanded the money in return for not publicly disclosing information that was obtained through Coinbase employees.
‘No passwords, private keys, or funds were exposed, and Coinbase Prime accounts are untouched.’
In a press release, Coinbase said “cyber criminals bribed and recruited” “rogue overseas support agents” to steal customer data in order to facilitate social engineering attacks.
Coinbase described the intrusion as only affecting a small subset of customers (less than 1%). However, this could still account for more than 1 million app users, given 2024 estimates that the company had ballooned to 105 million users, according to Business of Apps.
“No passwords, private keys, or funds were exposed, and Coinbase Prime accounts are untouched,” Coinbase noted. “We will reimburse customers who were tricked into sending funds to the attacker.”
While the company did its best to reassure its customers, a plethora of private information was swept up that users will not be happy about.
According to Coinbase, hackers were provided with user names, addresses, phone numbers, and emails. The last four digits of Social Security numbers, masked bank account numbers, images of government ID, and more were allegedly stolen as well.
Dean Gefen, CEO of cybersecurity firm NukuDo, told Blaze News that this kind of data breach has long-term effects that most will come to realize.
‘That kind of exposure isn’t just a privacy issue; it opens the door to phishing, identity theft, and long-term financial vulnerability. Most users won’t feel it today, but if that data gets sold or abused, the impact will remain for years.”
Gefen explained that the reason crypto account holders are so at risk is because they sit at the intersection of finance and emerging tech. These two sectors often move ahead at light speed and end up leaving security in the rearview mirror, hoping to catch up.
“Any company storing sensitive financial data needs to take this as sign to be on notice. Without the right people, training, and systems in place, this kind of breach is inevitable,” Gefen said.
When asked if this was just the cost of doing business at this scale, Gefen replied, “[Only] if we accept failure as normal.”
“We wouldn’t tolerate this kind of breach in a nuclear facility or defense system, so why would we accept it in our financial infrastructure?”
The cybersecurity expert added that bad actors from China, North Korea, and Russia are among the biggest threats who look at crypto platforms as attractive, decentralized targets.
Coinbase said that is working with “industry partners” and law enforcement to connect the dots, but instead of paying the ransom, it planned to establish a $20 million reward fund for information leading to the arrest and conviction of the attackers.
The crooked insiders were allegedly “fired on the spot” and referred to “U.S. and international law enforcement.”
Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!
The post Coinbase employees caught taking bribes for user data — hackers demand $20 million ransom appeared first on TheBlaze.
