Cryptocy exchange Coinbase disclosed that it expects to pay between $180-$400 million to compensate customers affected by a major data breach. In an SEC filing, the company stated that while private encryption keys remained secure, sufficient customer information was exposed to enable sophisticated phishing attacks by criminals posing as Coinbase personnel.
The data breach, detailed in Coinbase’s May 15 blog post, was not of Coinbase’s platform itself. It resulted from the bribing of offshore support contractors and staff who leaked customer contact details and limited account information, which included identity data such as passport details. Threat actors subsequently used this data to conduct targeted phishing campaigns, successfully deceiving some customers into providing account access credentials.
The company had detected these activities in the past months and promptly fired the staff or contractors involved. It also warned the clients whose details were compromised. Coinbase said its core systems remained secure, but acknowledged the significant customer impact from these secondary attacks. It has already begun the process of reimbursing affected customers and implementing additional security measures to prevent similar incidents. Coinbase stated that the estimated compensation costs were preliminary and reflect its commitment to making customers whole.
Crypto investigator ZachXBT had raised early warnings about these incidents back in February, sharing evidence on social media of coordinated phishing campaigns targeting Coinbase clients using stolen customer data. He indicated it was a problem of significant scale months before Coinbase’s official disclosure.
Coinbase went public following an extortion attempt related to the breach. Criminals demanded payment to prevent them from publicly disclosing the issue. Coinbase refused to pay the ransom and instead reported the extortion attempt to law enforcement and is offering a $20 million reward to help catch the criminals.
Stablecoin giant Tether has dramatically escalated its enforcement activity after blacklisting 370 blockchain addresses and freezing approximately $514.64 million worth…
Crypto exchange giant Coinbase experienced a major service outage that disrupted trading, transfers, and exchange operations after…
Cross-chain messaging protocol LayerZero has publicly apologized for its handling of the massive Kelp DAO exploitthat drained approximately $292…
Executives from PayPal and Google Cloud said the future of “agentic commerce” — where AI agents autonomously buy goods,…
Crypto exchange giant Kraken is making a major move deeper into the U.S. financial system after its…
A major national security scandal has erupted in Taiwan after prosecutors indicted a Taiwanese news…