Coinbase confirmed Thursday that security breaches are personal data linked to thousands of customers, or less than 1% of users that month. The violation was not due to technical flaws. It came down to bribery. Hackers have been rewarded with overseas customer support agents to access sensitive customer information.
The attacker obtained his name, date of birth, email and home address, account balance, and transaction history. They had no access to passwords, private keys, or customer funds. Your Coinbase Prime account was not affected.
“Cybercriminals have fed and recruited Rogue’s overseas support agents to withdraw personal data of less than 1% of Coinbase MTU. No passwords, private keys or funds were made public. Prime accounts cannot be touched. We will refund affected customers.
Cybercriminals have fed and recruited Rogue’s overseas support agents to extract personal data of less than 1% of Coinbase MTU. No passwords, private keys, or funds are publicly disclosed. Prime account cannot be touched. Refunds to affected customers. For more information, click here: https://t.co/sidvn59jcv
– Coinbase🛡️ (@coinbase) May 15, 2025
The Crypto Company said it rejected $20 million ransom demand from attackers. Instead, they paid $20 million for information that led to the arrest and conviction of the person responsible.
Within Coinbase Data Breach
This was not a smash and grab job. According to Coinbase, hackers have been working on support channels for several months, funding contractors to enter the internal system. Once inside, they used their data to carry out a phishing scam by pretending to be a Coinbase representative.
Coinbase shared details in an X post, making it clear that only a small portion of its over 100 million users (as reported in 2022) were affected. Still, the stolen data was sufficient to trick some users into handing over the cryptography.
CNBC reported that threat actors paid customer support staff and contractors for access. Several internal corporate documents have also been photographed, but Coinbase has not said which. The company gained winds in activity several months ago and has since been warning users affected.
There is no ransom, it’s just $20 million blessing.
Instead of paying the ransom, Coinbase decides to chase the attacker with a $20 million bounty. In a blog post and public comments, he revealed that he will “pursuing the strictest possible penalties.”
CEO Brian Armstrong confirmed X’s bribe, saying that criminals have been approaching third-party agents for several months. Coinbase then began a complete overhaul of its support work.
This requires the return of sensitive support features to the US, limiting the amount of data that contractors can view, deploying insider threat monitoring, and ID checks for fraud prompts and accounts flagged as suspicious.
fall out
It’s not cheap to fix this. Coinbase estimated that the cost of the violation would cost between $180 million and $400 million. This has become a refund to customers who have been primarily phished and have enhanced security systems. These figures were disclosed to the SEC in 8-K filing.
Blockchain investigator Zachxbt said Coinbase users lost about $45 million to phishing scams in the first week of May. It gives a sense of damage that scammers can do with basic personal information.
The whole picture
This is not Coinbase’s first break-in with security issues. Just two months ago, the company was dealing with supply chain attacks via GitHub Action, but customer data was safe at the time. But this latest incident sheds light on another issue that complements critical operations.
Outsourcing support can reduce costs, but it can also open the door to something like bribery. Coinbase’s move to transfer support within the company is a clear indication that trust issues with third-party vendors are now at the forefront and center.
Crypto Economy pointed out that Coinbase’s decision to refuse to pay and put prices publicly on hackers’ heads could be a model for how crypto companies deal with insider threats without appearing weak.
What’s next?
Coinbase is a promising refund for users who are affected by scams and deploy stronger security alerts. The company is also extraordinarily transparent, with users being updated through X and its blogs.
Still, the incident highlights an indelible problem: social engineering. It doesn’t matter how secure the blockchain is. If an attacker can persuade people to hand over their credentials or click on fake links, the damage is real.
Coinbase’s response shows that it takes the situation seriously, but also shows a broader warning to the crypto industry. Without securing people operating it, technology cannot be secured.
🚀Want to share the story?
Submit your stories to TechStartUps.com in front of thousands of founders, investors, PE companies, tech executives, decision makers and tech leaders.
Please attract attention
Source link
