David Edwards
In the wake of a $400 million security breach, cryptocurrency exchange Coinbase is under scrutiny after it was revealed that hackers had unauthorized access to sensitive customer data since January. A planned scam including the bribery of foreign customer service representatives was the cause of the breach, which was revealed on May 11.
Insiders Made Unauthorized Access Possible
Attackers targeted workers and contractors connected to Coinbase’s business process outsourcing divisions outside of the US, according to people familiar with the situation. The hackers were able to access extensive user data, such as complete names, dates of birth, residential addresses, government-issued ID numbers, banking information, account balances, and account creation dates, by bribing a specific group of insiders.
Mike Dudas, a victim of the hack and managing partner at web3 investment firm 6MV, called the incident “a major breach,” pointing to the startling volume of personal data that was compromised.
Philip Martin, the chief security officer at Coinbase, disputed the assertion that the hackers had continuous access since January. He explained that rights were removed as soon as illegal data sharing was discovered. He did, however, admit that there were several instances of bribery in the breach and mentioned that Coinbase had discovered suspicious behavior months before to the extortion effort.
Effects and Coinbase’s Reaction
Less than 1% of Coinbase’s monthly transacting users were impacted, the company said in a thorough report. The development of a database to mimic Coinbase and trick consumers into giving up their cryptocurrency assets seemed to be the attackers’ goal. The attackers intensified their extortion campaign after Coinbase declined to pay the $20 million ransom.
No customer wallets were accessed, and the exchange made clear that no private keys, login information, or Prime accounts were stolen. Coinbase is putting stronger internal security measures in place and has promised to compensate any affected users.
The business also announced the opening of a new customer service center in the United States and offered a $20 million reward for information that would result in the apprehending of the culprits. Additionally, it has marked the pilfered money for recovery and is actively working with law enforcement.
