Cryptocy exchange Coinbase disclosed that it expects to pay between $180-$400 million to compensate customers affected by a major data breach. In an SEC filing, the company stated that while private encryption keys remained secure, sufficient customer information was exposed to enable sophisticated phishing attacks by criminals posing as Coinbase personnel.
The data breach, detailed in Coinbase’s May 15 blog post, was not of Coinbase’s platform itself. It resulted from the bribing of offshore support contractors and staff who leaked customer contact details and limited account information, which included identity data such as passport details. Threat actors subsequently used this data to conduct targeted phishing campaigns, successfully deceiving some customers into providing account access credentials.
The company had detected these activities in the past months and promptly fired the staff or contractors involved. It also warned the clients whose details were compromised. Coinbase said its core systems remained secure, but acknowledged the significant customer impact from these secondary attacks. It has already begun the process of reimbursing affected customers and implementing additional security measures to prevent similar incidents. Coinbase stated that the estimated compensation costs were preliminary and reflect its commitment to making customers whole.
Crypto investigator ZachXBT had raised early warnings about these incidents back in February, sharing evidence on social media of coordinated phishing campaigns targeting Coinbase clients using stolen customer data. He indicated it was a problem of significant scale months before Coinbase’s official disclosure.
Coinbase went public following an extortion attempt related to the breach. Criminals demanded payment to prevent them from publicly disclosing the issue. Coinbase refused to pay the ransom and instead reported the extortion attempt to law enforcement and is offering a $20 million reward to help catch the criminals.
The crypto market is entering the end of an era as CME Group officially launches 24/7 Bitcoin and…
Asset management giant VanEck has officially launched the first-ever U.S. spot ETF tied directly to BNB, the native…
Layer-1 blockchain Sui experienced another major network outage on May 28 after block production and transaction processing…
The Depository Trust & Clearing Corporation (DTCC) has announced plans to connect its tokenization infrastructure to the Stellar blockchain,…
Robinhood is officially entering the “agentic AI” era after unveiling a new beta feature that…
Bitcoin financial services company Fold has officially begun rolling out its long-awaited Bitcoin rewards credit card, allowing…