Coinbase, one of the world's most recognized exchanges, revealed that a group of cybercriminals accessed its system after bribing technical support employees located abroad. These employees, who had access to customer service, used their permissions to extract personal data from a small fraction of users: less than 1% of monthly active customers.
According to the company, the compromised information includes names, addresses, emails, phone numbers, images of government-issued ID documents, and some banking information. However, the exchange maintains that no user passwords, private keys, or funds were compromised.
After obtaining the data, the hackers attempted to extort the company, demanding $20 million in exchange for not making the incident public. Coinbase refused to give in to the blackmail and, instead of paying, decided to establish a reward fund of the same amount for anyone providing information leading to the capture and conviction of those responsible.
The attackers used the information to conduct social engineering scams, impersonating Coinbase and tricking some users into sending their crypto assets to fraudulent addresses.
In response to the incident, the firm says it will take measures to mitigate the impact and prevent future attacks. It states that it will reimburse customers who were deceived and lost money due to social engineering attacks. It has also pledged to open a support center in the United States, implement stricter controls at all locations, and introduce additional identity verification requirements for high-risk transactions. Mandatory scam alerts will also be added for affected users.
The company also noted that it is strengthening its internal security measures, including investing in threat detection technologies and simulations to identify potential vulnerabilities. Furthermore, the employees involved in the incident have been fired and reported to the authorities.
Coinbase recommends that its users activate two-factor authentication (2FA) with physical keys, restrict transfers to verified addresses only, and be wary of any requests for funds or sensitive data. The platform says it will continue to collaborate with authorities to ensure that those responsible face the maximum legal penalties.
Following the incident, the exchange has urged its customers to remain vigilant, as scammers could continue to pose as employees to request confidential information or transfers. The company reiterates that it will never ask for passwords or 2FA codes, or ask for funds to be sent to new addresses. For further protection, it suggests enabling withdrawal lists of trusted wallets and reporting any suspicious activity to the email address indicated in the statement.
This situation is reminiscent of what happened in 2019 with Binance, when passport data, IDs, and photos of alleged exchange customers were stolen and published in a Telegram group. According to Binance, the hackers demanded 300 BTC (today more than USD 30.7 million, based on CoinMarketCap data) to avoid publishing the private information of more than 10,000 customers. Like Coinbase, the company offered a reward (25 BTC) for the capture of those involved.