Coinbase disclosed that 69,461 of the crypto exchange’s users were affected by a recently unveiled data breach, which took place last year, according to a notice filed with the Maine Attorney General’s Office.
Among residents of the Pine Tree State, the San Francisco-based exchange warned that around 217 natives were impacted by the incident. The company said the exploit involved cyber criminals bribing overseas customer support agents to access names, addresses, phone numbers, emails, and government-ID images, among other types of sensitive information.
Last week, Coinbase said in an SEC filing that less than 1% of the exchange’s monthly transacting users had been impacted by the data breach. But using the company’s latest earnings report, that meant the number could have been as high as 97,000 users. This new Maine notice shows that Coinbase has a more granular understanding of how many of its customers were impacted.
In the notice, Coinbase said that it discovered the data breach on May 11 after it took place on Dec. 26 last year. The exchange started observing abnormal behavior among some of its customer service representatives in January, according to a report in Bloomberg. The outlet reported that Coinbase is now facing a U.S. Justice Department probe.
Coinbase did not immediately respond to a request for comment from Decrypt.
Although Coinbase CEO Brian Armstrong addressed the situation head-on through a video posted to X, formerly Twitter—which has generated over 3.6 million views—regulatory filings, including those with the Securities and Exchange Commission, have served as a primary source of information as the incident’s overall scope has developed.
“Regulation is at the backbone of this,” Amanda Fischer, a former SEC employee and policy director at non-profit Better Markets, told Decrypt. “The fact that Coinbase is a public company that's overseen by the SEC is kind of the only reason we have any data about this.”
The incident could cost Coinbase between $180 million and $400 million, the exchange said in an SEC filing. The filing was submitted days after an “unknown threat actor” contacted the exchange, demanding $20 million in exchange for not releasing the information.
Some, including TechCrunch co-founder Michael Arrington, fear human costs. “This hack—which includes home addresses and account balances—will lead to people dying,” he said on X on Monday.
According to Fischer, a company has different obligations when it comes to disclosing a data breach to shareholders versus customers. Protections for the latter group amount to a “patchwork” of rules varying by state, she said.
‘Toxic’ Communication
Under SEC rules, a firm is required to disclose a data breach to shareholders within four days of a lawyer determining that it could be relevant to a reasonable shareholder’s decision to buy, hold, or sell a company’s shares, she said.
With class action lawsuits cropping up against the exchange, Fischer added that “it will be litigated whether or not the materiality determination should have been made in January.”
In Aril, Coinbase modified its user agreement, adding two limiting clauses that restricted users’ ability to bring class action lawsuits against the firm or pursue legal action outside federal courts in New York. After the changes were flagged on X by Molly White, a longtime Wikipedia editor and crypto researcher, Armstrong said the connection amounted to a “conspiracy theory.”
MetaMask’s Taylor Monahan, an on-chain sleuth and noted security expert, pushed back against Armstrong’s assertion. On X, she claimed that investigators had flagged malicious insiders at Coinbase for the greater part of a year.
“Every investigator under the sun has been feeding your various teams evidence of these insane thefts and insiders for over 6 months,” she said. “We persisted even as your teams explicitly gaslit us, chastised us for not being ‘polite’ enough, and called us toxic.”
Edited by Stacy Elliott.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
