Coinbase has revealed a recent cyberattack could cost nearly $400 million to fix. Hackers executed the attack after bribing the platform’s overseas support agents to steal confidential data and use it in social engineering attacks.
Coinbase has fired staff involved in the breach and plans to press criminal charges.
Cyberattack Could Cost Cost Coinbase $400 Million
Coinbase revealed it was contacted by hackers who claimed to have access to confidential customer data obtained by bribing overseas Coinbase contractors and employees. Coinbase stated in an official blog post that the hackers had gained access to less than 1% of its customer data. The hackers used the data to impersonate official Coinbase communication and trick users into handing over their assets. The hackers then contacted Coinbase, claiming they had access to confidential information about customer accounts and internal documentation, including material related to customer service and account management systems.
The hackers demanded $20 million from Coinbase to disclose the information publicly. However, Coinbase refused to give in to their demands and notified law enforcement agencies about the breach. Coinbase stated in its blog post,
“Criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users. Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto. They then tried to extort Coinbase for $20 million to cover this up.”
Passwords, Private Keys Not Compromised
Coinbase assured users that passwords and private keys were not compromised. However, the hackers could have gained access to names, addresses, phone numbers, and emails. Affected data also included masked bank account numbers, government ID images, and account balances.
“No passwords, private keys, or funds were exposed, and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker. We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received.”
The attack comes days before Coinbase joins the benchmark S&P 500 index, a landmark moment for crypto. It also reflects how the industry has become a target for hackers as it grows. Nick Jones, founder of crypto firm Zumo, stated,
“Security remains a challenge for the crypto industry despite its growing mainstream acceptance. As our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks.”
Coinbase Establishing Reward Fund
Coinbase stated that it would reimburse all customers tricked into sending funds to the hackers. It also revealed that it is establishing a $20 million reward fund for any information that leads to the arrest and conviction of the individuals responsible for the hack.
“We will reimburse customers who were tricked into sending funds to the attacker. We are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.