Article Details
Scrape Timestamp (UTC): 2025-05-15 14:31:17.784
Source: https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html
Original Article Text
Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers.
"Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users."
The end goal of the campaign was to put together a list of customers whom the attackers could contact while masquerading as Coinbase and deceive into handing over their cryptocurrency assets.
Coinbase said the threat actors then unsuccessfully attempted to extort the company for $20 million on May 11, 2025, by claiming to have information about certain customer accounts as well as internal documents.
In a statement shared with Fortune, Coinbase said the compromised customer agents worked in India and have all been fired.
"No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched," Coinbase noted. What the attackers got away with is listed below -
The crypto giant said it's taking the step of reimbursing customers who were tricked into transferring funds to the attacker due to social engineering attacks. It's not exactly clear how many customers fell for the scam, but the company told TechCrunch that less than 1% of its 9.7 million monthly customers were affected.
The company is also enforcing added ID checks for certain flagged accounts when carrying out large withdrawals, and is hardening its defenses to counter such insider threats. Lastly, Coinbase has established a $20 million reward fund for information leading to the arrest and conviction of the attackers.
As mitigations, users are advised to turn on withdrawal allow-listing to permit transfers only to addresses in their address books, enable two-factor authentication (2FA), and be cautious about imposters who try to get them to move funds to a "safe" wallet.
Daily Brief Summary
Coinbase suffered a data breach orchestrated by cyber criminals who bribed internal customer support agents in India, leading to unauthorized data access.
The attackers copied account data of less than 1% of Coinbase's 9.7 million monthly users to potentially deceive them into transferring cryptocurrency.
The threat actors attempted to extort $20 million from Coinbase by threatening to release sensitive customer and internal information.
No critical data such as passwords, private keys, or customer funds were compromised, and Coinbase Prime accounts remained secure.
Coinbase has terminated the employment of the involved customer agents and is taking measures to reimburse affected customers.
Enhanced security measures, including additional ID checks for large withdrawals and strengthened defenses against insider threats, are being implemented.
Coinbase has announced a $20 million reward for information leading to the arrest and conviction of the responsible parties.
Customers are advised to enhance security by enabling withdrawal allow-listing, two-factor authentication, and remaining vigilant against impostors.