Coinbase Hack Compromises Million Customers’ Information
Most data breaches are the work of external attackers, but sometimes the call comes from within. Cryptocurrency exchange Coinbase revealed that hackers paid support agents — both employees and contractors based outside the U.S. — who had access to the company’s systems to provide customer data, then demanded a $20 million ransom to prevent the information from leaking.
Coinbase was notified of the ransom demand on May 11, just days before the incident was reported to the Securities and Exchange Commission (SEC). The company said the employees involved were fired and reported to law enforcement when their unauthorized access was discovered, but they were still able to provide information to the attackers.
What happened to Coinbase?
The attackers, using insiders with access to Coinbase systems, were able to collect personal information on about a million people (just 1% of Coinbase customers). According to a Coinbase blog post detailing the incident , the compromised data included:
-
Names, addresses, telephone numbers and email addresses
-
The last four digits of your social security number
-
Hidden Bank Account Numbers and Identifiers
-
Images of government identification documents such as driver’s licenses and passports
-
Account details such as balance snapshots and transaction history
-
Corporate data is available to support agents
The hack did not affect login credentials, two-factor authentication (2FA) codes, or private keys, and the hackers did not have access to customer funds, Coinbase Prime accounts, or customer hot or cold wallets.
Coinbase said it is not paying the $20 million ransom, but is instead offering the funds as a reward for information about the attack. The company is also expanding its support in the U.S. to monitor and manage the impact on customer accounts.
What Coinbase Customers Need to Do
Coinbase sent email notifications from [email protected] to all affected customers. The emails were sent at 7:20 a.m. on May 15. Affected accounts will need to go through multiple identity checks to process large withdrawals, so transaction delays may occur.
If you’ve been hacked, be on the lookout for impersonation scams. The goal of the attack, according to Coinbase, was to obtain customer information, pretend to be a Coinbase employee, and use social engineering tactics to trick targets into transferring their money. Know that Coinbase will never ask for your credentials (including passwords and 2FA codes) or ask you to transfer assets to another “safe” account, vault, or wallet, and they will never call or text you to give you your seed phrase or wallet address. They also won’t ask you to call an unknown number for customer support.
You can also take steps to protect your account, such as enabling 2FA with a hardware key and turning on the “Approved Withdrawal List” feature, which limits transfers to accounts in your address book that you know and trust. If you believe your account has been compromised, lock it and contact [email protected] .
Finally, Coinbase says it will reimburse customers who were tricked into sending funds to the scammers. You can find more details in the email notification.