Coinbase Exchange Coinbase revealed that unknown cyber -aciters invaded their systems and stole your account data for a small subgroup of their customers.
“The criminals sent to our customer support agents abroad,” the company – Note In a statement. “They used cash offers to convince a small insider group to copy data to our customer support tools for less than 1% of Coinbase’s monthly transactions.”
The ultimate goal of the company was to make a list of customers they refer to, masking as Coinbase and deceiving them, transferring their assets of cryptocurrencies.
Coinbase said tried On May 11, 2025, the company requires $ 20 million, stating information about certain customer accounts as well as internal documents. In A statement Coinbase shared with Fortune, said compromised customer agents worked in India and were fired.
“No passwords, private keys and funds were subjected to, and Coinbase’s main accounts are not touched,” Coinbase said. What the attackers left below –
- Name, address, phone and email
- Maskilated Social Security (only the last 4 digits)
- Masked bank accounting numbers and some bank account identifiers
- Image IDs ID (eg driver’s license, passport)
- Account data (shooting balance and transaction history)
- Limited Corporate data, including documents, training materials and communication available to support agents
Crypto -Giant said he was making a step to compensate customers who cheated on the transfer of the assailants from the social engineering attacks. It is unclear how many customers fell on the scam but the company detach Techcrunch, which affected less than 1% of 9.7 million monthly customers.
The company also carries out additional inspections of IDs on certain accounts when conducting large withdrawal, and that it hardens protection to counteract such insider threats. Finally, Coinbase created a $ 20 million award for information that leads to the arrest and condemnation of the attackers.
In accordance with the user softening, it is recommended to enable Conclusion Permit for List To allow translations only for the address in your address books, include two -factor authentication (2FA), and be careful about the impostors trying to move funds to a safe wallet.
