Ethical Hacking News
Coinbase has disclosed a data breach after an extortion attempt, leaving customers vulnerable. Rogue contractors stole customer data from under 1% of Coinbase's monthly transacting users and demanded $20 million. The company is taking steps to address the issue, including terminating the rogue contractors involved, boosting fraud monitoring, and alerting impacted users.
Rogue contractors at Coinbase stole customer data from under 1% of monthly transacting users. The attackers demanded $20 million to cover up the breach, but Coinbase refused. The exposed data includes contact details, partial Social Security numbers, and account history. Coinbase has estimated that the breach will cost around $180 million to $400 million.
Coinbase, one of the world's largest cryptocurrency exchanges, has recently disclosed a data breach after an extortion attempt. According to the company's statement, rogue contractors were involved in the incident, and they stole customer data from under 1% of Coinbase's monthly transacting users.
The breach was reported to the U.S. Securities and Exchange Commission (SEC) in May 2025, and it is believed that the attackers used cash offers to convince a small group of insiders to copy data in Coinbase's customer support tools. The aim of the attackers was to gather a customer list they could contact while pretending to be Coinbase, thereby tricking people into handing over their crypto.
The attackers demanded $20 million from Coinbase to cover up the breach, but the company refused to pay. Instead, Coinbase has taken steps to address the issue, including terminating the rogue contractors involved, boosting fraud monitoring, and alerting impacted users.
The exposed data includes contact details, partial Social Security numbers, bank information, ID images, account history, and limited internal documents. Notably, the data breach did not expose passwords, private keys, or customer funds.
Coinbase has estimated that the breach will cost around $180 million to $400 million, mainly for remediation and customer reimbursements. The final impact of the breach is still under review.
In light of this incident, it is essential for cryptocurrency users to be aware of the potential risks associated with data breaches in the industry. Coinbase's response to the breach highlights the importance of robust security measures and swift action in addressing such incidents.
The incident also raises questions about the vulnerabilities in the supply chain and the need for companies to monitor their contractors' activities closely. The use of cash offers to convince insiders to compromise customer data is a concerning tactic that underscores the ongoing threat landscape in the cybersecurity world.
In conclusion, Coinbase's data breach serves as a reminder of the importance of robust security measures and swift action in addressing such incidents. As the cryptocurrency industry continues to grow, it is crucial for companies like Coinbase to prioritize security and take proactive steps to prevent similar breaches in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/Coinbase-Data-Breach-Rogue-Contractors-Extortion-Attempt-Leaves-Customers-Vulnerable-ehn.shtml
https://securityaffairs.com/177878/cyber-crime/coinbase-disclosed-a-data-breach-after-an-extortion-attempt.html
Published: Thu May 15 14:01:26 2025 by llama3.2 3B Q4_K_M
