Cryptocy exchange Coinbase disclosed that it expects to pay between $180-$400 million to compensate customers affected by a major data breach. In an SEC filing, the company stated that while private encryption keys remained secure, sufficient customer information was exposed to enable sophisticated phishing attacks by criminals posing as Coinbase personnel.
The data breach, detailed in Coinbase’s May 15 blog post, was not of Coinbase’s platform itself. It resulted from the bribing of offshore support contractors and staff who leaked customer contact details and limited account information, which included identity data such as passport details. Threat actors subsequently used this data to conduct targeted phishing campaigns, successfully deceiving some customers into providing account access credentials.
The company had detected these activities in the past months and promptly fired the staff or contractors involved. It also warned the clients whose details were compromised. Coinbase said its core systems remained secure, but acknowledged the significant customer impact from these secondary attacks. It has already begun the process of reimbursing affected customers and implementing additional security measures to prevent similar incidents. Coinbase stated that the estimated compensation costs were preliminary and reflect its commitment to making customers whole.
Crypto investigator ZachXBT had raised early warnings about these incidents back in February, sharing evidence on social media of coordinated phishing campaigns targeting Coinbase clients using stolen customer data. He indicated it was a problem of significant scale months before Coinbase’s official disclosure.
Coinbase went public following an extortion attempt related to the breach. Criminals demanded payment to prevent them from publicly disclosing the issue. Coinbase refused to pay the ransom and instead reported the extortion attempt to law enforcement and is offering a $20 million reward to help catch the criminals.
The Federal Reserve has unveiled a new proposed rule that would require certain payment stablecoin issuers to…
Shares of HIVE Digital Technologies jumped more than 10% after the company announced a major $220 million, three-year…
Illinois has officially become the first U.S. state to impose a transaction-based tax on cryptocy activity…
The cryptocy market was hit by a sharp wave of volatility after the Federal Open Market…
Algorand is accelerating its push toward becoming one of the world's first fully quantum-resistant blockchains, announcing…
The long-awaited Digital Asset Market CLARITY Act is moving closer to becoming law as momentum continues building…