Cryptocy exchange Coinbase disclosed that it expects to pay between $180-$400 million to compensate customers affected by a major data breach. In an SEC filing, the company stated that while private encryption keys remained secure, sufficient customer information was exposed to enable sophisticated phishing attacks by criminals posing as Coinbase personnel.
The data breach, detailed in Coinbase’s May 15 blog post, was not of Coinbase’s platform itself. It resulted from the bribing of offshore support contractors and staff who leaked customer contact details and limited account information, which included identity data such as passport details. Threat actors subsequently used this data to conduct targeted phishing campaigns, successfully deceiving some customers into providing account access credentials.
The company had detected these activities in the past months and promptly fired the staff or contractors involved. It also warned the clients whose details were compromised. Coinbase said its core systems remained secure, but acknowledged the significant customer impact from these secondary attacks. It has already begun the process of reimbursing affected customers and implementing additional security measures to prevent similar incidents. Coinbase stated that the estimated compensation costs were preliminary and reflect its commitment to making customers whole.
Crypto investigator ZachXBT had raised early warnings about these incidents back in February, sharing evidence on social media of coordinated phishing campaigns targeting Coinbase clients using stolen customer data. He indicated it was a problem of significant scale months before Coinbase’s official disclosure.
Coinbase went public following an extortion attempt related to the breach. Criminals demanded payment to prevent them from publicly disclosing the issue. Coinbase refused to pay the ransom and instead reported the extortion attempt to law enforcement and is offering a $20 million reward to help catch the criminals.
NFT platform Candy Digital has announced plans to migrate its digital collectibles ecosystem to the Solana blockchain, signaling…
The U.S. military has confirmed it is actively running a Bitcoin node as part of national security research, while…
The Web3 gaming sector is facing a harsh reality check as new data reveals that more…
Justin Sun, founder of TRON, has filed a federal lawsuit against World Liberty Financial, a crypto venture…
Tether has frozen approximately $344 million in USDT on the Tron blockchain after the wallets were flagged by U.S. authorities, marking…
Prediction market platform Kalshi has fined and suspended three U.S. congressional candidates after determining they engaged in “political…