Ethical Hacking News
A security breach on a massive scale has exposed nearly 70,000 Coinbase customers to potential exploitation by scammers. The attackers used social engineering tactics to gain access to customer data, which was then used to scam Clark, a security researcher. In response, Coinbase's Head of Trust and Safety, Brett Farmer, acknowledged receipt of the report but failed to provide any meaningful updates or explanations regarding the breach for over four months.
Coinbase suffered a breach on December 26, 2024, resulting in the theft of sensitive customer data.The attackers exploited vulnerabilities in Coinbase's systems and bribed support staff to obtain confidential information about customers.A security researcher, Clark, was targeted by scammers using stolen Coinbase data, losing $150,000 in cryptocurrency.Coinbase failed to provide meaningful updates or explanations regarding the breach for four months after receiving a comprehensive security report from Clark.The breach compromised nearly 70,000 customers' data, including personal details and transaction histories.The company's decision to bribe support staff has been widely criticized, highlighting the importance of prioritizing security over profits.
In the world of cybersecurity, trust is a precious commodity. It is built on the foundation of security measures, transparency, and accountability. However, when these pillars are breached, it can lead to catastrophic consequences. The case of Coinbase, a popular cryptocurrency exchange, serves as a stark reminder of the importance of vigilant security practices.
On December 26, 2024, Coinbase disclosed that its systems had been compromised, resulting in the theft of sensitive customer data. The breach was attributed to attackers who managed to exploit vulnerabilities in the company's systems and bribe support staff into divulging confidential information about customers. According to reports, scammers used detailed personal data from Coinbase to scam Clark, a security researcher.
The attack on Clark began with an email that read: Order N54HJG3V: Withdrawal of 2.93 ETH initiated. A representative will be in touch shortly before we mark the payment completed. This innocuous-sounding message was, however, a clever ruse designed to gain Clark's trust and extract sensitive information from him.
Google Project Zero
The attackers used this email as a Trojan horse, luring Clark into divulging his personal details, including his Social Security number and Bitcoin balance. The attackers then used this information to scam Clark out of his cryptocurrency. This brazen tactic is characteristic of social engineering attacks, where scammers exploit human psychology to gain an upper hand.
Clark reported the attack to Coinbase on January 7, 2025, providing a comprehensive security report that detailed the techniques employed by the attackers. In response, Coinbase's Head of Trust and Safety, Brett Farmer, replied promptly, acknowledging receipt of the report and assuring Clark that the company was investigating the incident.
However, despite Farmer's initial response, Coinbase failed to provide any meaningful updates or explanations regarding the breach for the next four months. This lack of transparency is particularly egregious, given the serious nature of the attack and the sensitive information involved.
The breach itself occurred on December 26, 2024, when attackers gained access to Coinbase's systems. The thieves then exploited their newfound access to steal sensitive customer data, including names, dates of birth, Social Security numbers, addresses, phone numbers, email addresses, driver's license numbers, passport numbers, national identity card numbers, transaction histories, balances, transfers, and the dates customers opened their accounts.
In May 2025, Coinbase finally disclosed the breach to the US Securities and Exchange Commission (SEC), revealing that nearly 70,000 customers' data had been compromised. The attackers also attempted to extort Coinbase for $20 million.
The handling of this breach has been widely criticized, with many accusing Coinbase of prioritizing profits over security. The company's decision to bribe support staff into divulging customer information is particularly disturbing, as it undermines the very foundations of trust that are essential in any relationship.
In conclusion, the case of Coinbase serves as a stark reminder of the importance of robust security measures and transparent communication in the face of cyber threats. When companies prioritize profits over security, they put their customers at risk, and undermine the trust that is essential for any successful business.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Tale-of-Betrayal-How-Coinbases-Handling-of-a-Security-Breach-Exposed-Its-Support-Staff-to-Scammers-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/11/17/coinbase_breach_timeline/
Published: Mon Nov 17 13:57:40 2025 by llama3.2 3B Q4_K_M
