Cyber perpetrators allegedly swiped customer data from Coinbase, demanding a ransom of $20 million in return.
*Coinbase Data Breach: What You Need to Know*
Coinbase, the leading American cryptocurrency exchange, is on red alert after a data breach allows bad actors to target customers for crypto-theft.
In a revealing post on social media, CEO Brian Armstrong confessed that dishonest employees, living outside the US, took bribes to disclose sensitive data such as names, birthdays, and partial ID numbers to cybercriminals. This stolen info has been used to execute social engineering attacks, where callers pose as Coinbase reps and trick customers into transferring funds.
It's not clear how many Coinbase customers have been affected, but the company has vowed to make good on any losses suffered by its customers as a result of this incident. In documents filed with the US Securities and Exchange Commission (SEC), Coinbase projected that it may have to spend between $180 million to $400 million to cover remediation and customer reimbursements related to the bribes.
As the cybercriminals demanded a ransom of $20 million in bitcoin not to publicize the stolen customer info, Coinbase responded by refusing to pay and instead offering a $20 million bounty for any information that leads to the capture of the attackers. In Armstrong's words, "We will prosecute you and bring you to justice."
What Should You Do?
- Enable Two-Factor Authentication (2FA) and withdrawal allow-listing to beef up account security.
- Be wary of any unexpected calls requesting sensitive information or pressuring you to transfer funds. Never share sensitive data over the phone or under pressure.
- Keep an eye out for phishing attempts and stay vigilant against scams.
Stay informed as Coinbase continues to take measures to safeguard customer info and prevent future incidents.
Further Reading:
- Cryptocurrency Security
- Cybersecurity Measures
- Data Privacy
- Coinbase Updates
Enrichment Data:
- Number of Customers Affected by the Coinbase Data Breach: Approximately 1% of users (~1 million, considering Coinbase's 100M+ user base)
- Breach Mechanism: Bribed support agents facilitated access to customer data
- Remediation Costs: Expected expenses range from $180 million to $400 million (reimbursement, remediation, and security upgrades)
- Reimbursement: Voluntary reimbursement for customers who lost funds due to social engineering
- Security Measures: Measures taken include firing involved employees, criminal charges, opening a new U.S. support hub, enhanced insider-threat and automated threat detection, increased customer education
- Customer Advice: Enable 2FA, withdrawal allow-listing, beware of scams, never share sensitive information.
- This cybersecurity incident at Coinbase underscores the importance of data-and-cloud-computing security measures, particularly in the realm of general-news and crime-and-justice.
- In light of the Coinbase data breach, it's crucial for users to follow recommended security practices such as enabling Two-Factor Authentication (2FA), withdrawal allow-listing, and being vigilant against phishing attempts to protect their accounts.
