One of the largest cryptocurrency exchange platforms, Coinbase, has recently confirmed it was the victim of a data breach involving hackers who exploited internal systems to steal sensitive customer information. The attackers apparently bribed rogue overseas customer support agents to gain unauthorized access to a small set of account data.
The hackers also attempted to extort Coinbase for $20 million, requesting payment to cover up the attack. Paying such ransom demands is not always in the victim's best interest: there are no guarantees, and the hackers can still make copies and misuse the data in the future.
Coinbase refused to pay the ransom, opting instead to focus on investigating the incident and directly helping customers affected by the breach.
What Information Was Stolen
Coinbase has also warned customers to be on the lookout for scams and phishing attempts, reiterating that it will never ask users to transfer funds or share sensitive information like passwords or 2FA codes.
The hackers managed to access data of less than 1% of Coinbase’s monthly active users. This included personal data such as names, email addresses, phone numbers, and some bank account details for a small group of users. They also gained access to government ID images like driver’s licenses and passports, as well as account data like transaction history and balance snapshots.
However, they did not gain access to any login credentials or two-factor authentication (2FA) codes, could not move funds, and had no access to hot or cold (software- or hardware-based) wallets. Overall security systems remained untouched.
Transparency and Security Reinforcements
In the wake of the breach, Coinbase has been open about the incident, sharing details of the attack and offering ongoing updates. They are reimbursing anyone who was tricked by the attackers into sending funds as a result of social engineering scams and have reached out to affected customers.
They’ve set up a $20 million reward fund to encourage anyone with information on the hackers to come forward. They have also implemented additional safeguards and security protections, including expanding their customer support operations and investing in enhanced security systems to prevent insider threats and future breaches.
General security best practices are always recommended to protect online accounts, such as using strong two-factor authentication and enabling withdrawal limits (for example allow-listing, which restricts sending funds to new recipients on crypto exchange platforms).
Learn more about the breach and updates on Coinbase’s website.