Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that cybercriminals recently stole customer and corporate data in a breach that affected 69,461 individuals.
In data breach notifications filed with the Office of Maine’s Attorney General, Coinbase explained, “A small number of individuals performing services for Coinbase at our overseas retail support locations improperly accessed customer information.”
Although the exposed data did not include passwords, seed phrases, private keys, or other credentials that could directly allow access to funds or accounts, it did include a combination of personal identifiers. These included name, date of birth, the last four digits of social security numbers, masked bank account numbers and some bank account identifiers, addresses, phone numbers, and email addresses.
Depending on the affected customer, the stolen information may also include images of government-issued IDs (such as driver’s license number, passport number, or national identity card number) as well as account details, including transaction history, balance, transfers, and account opening date.
Coinbase warned that “attackers seek out this information because they want to conduct social engineering attacks, using this information to appear credible to try and convince victims to move their funds.”
This disclosure follows growing concerns that the breach could result in serious consequences—including physical harm—after cybercriminals gain access to account balances and home addresses of the affected Coinbase customers.
Losses could reach up to $400 million
On Thursday, Coinbase disclosed the data breach in a filing with the U.S. Securities and Exchange Commission, stating that threat actors behind the attack obtained customer data belonging to up to 1% of its customer base. They gained access with assistance from support staff or contractors located outside the United States.
Additionally, the attackers sent an email on May 11, attempting to extort a $20 million ransom in exchange for withholding the stolen information from being released online. Nevertheless, the crypto exchange refused to pay the ransom. Instead, it announced plans to establish a $20 million reward fund for tips that could help identify the attackers and bring them to justice.
While Coinbase continues to assess the financial impact of the breach, the number of customers who fell victim to follow-up social engineering attacks and transferred funds to the scammers remains unknown. However, the company estimated that expenses for remediation and customer refunds will likely fall “within the range of approximately $180 million to $400 million.”
Coinbase also stated, “We will voluntarily reimburse retail customers who mistakenly sent funds to the scammer as a direct result of this incident prior to the date of this post, following a review to confirm the facts.”
The company further advises customers to remain vigilant against scammers posing as Coinbase employees. These fraudsters may attempt to extract funds or sensitive information, such as passwords or two-factor authentication (2FA) codes.
If contacted, customers should hang up immediately, as Coinbase will never request account details over the phone. To strengthen security, users should activate withdrawal allow-listing and enable two-factor authentication.
Source: BleepingComputer, Sergiu Gatlan
