Coinbase data leak affects up to 100,000 users; hackers demand $20 million in hush money


Original Title: "Coinbase User Data Stolen and Ransomed for $20 Million, Social Engineering Attacks Have Become the Norm"

Original Author: Felix, PANews

On May 15, two pieces of negative news about Coinbase caused its stock price to suffer a "Waterloo." One was Coinbase's disclosure of a cyber attack incident involving the theft of internal data and customer information, with potential financial impacts ranging from $180 million to $400 million. Additionally, sources indicated that the U.S. SEC is still investigating whether Coinbase misreported user data prior to its IPO in 2021. Under the combined weight of these two pieces of negative news, Coinbase's stock price fell by 7.2% during the day.

Customer Service Leaked User Data and Ransomed for $20 Million

Coinbase reported that cybercriminals bribed and recruited a group of overseas malicious customer service personnel who abused their access to the customer support system to steal data from less than 1% of monthly trading users (approximately 80,000 to 100,000). Although no funds, passwords, or private keys were stolen, and Coinbase Prime accounts were "unaffected," the attackers used this data to launch targeted social engineering scams against customers.

Regarding the attack method, some cryptocurrency experts commented that this type of targeted social engineering attack (utilizing overseas customer support teams) is not uncommon in the cryptocurrency industry. The information of active users on cryptocurrency trading platforms is far more valuable than one might think. The average customer acquisition cost for top trading platforms is $5-50 per effective user, while for small and medium-sized trading platforms, it ranges from $50 to $300. After initiating the social engineering scam, the Coinbase attackers sent a ransom note demanding Coinbase pay $20 million in Bitcoin, threatening to publish the stolen customer data if Coinbase did not comply.

The report stated that the attackers obtained:

· Names, addresses, phone numbers, and emails

· Masked Social Security numbers (only the last 4 digits)

· Masked bank account numbers and some bank account identifiers

· Images of government identification documents (such as driver's licenses and passports)

· Account data (balance snapshots and transaction histories)

· Limited company data (including documents, training materials, and communication information available to customer service personnel)

However, login credentials or two-factor authentication codes, private keys, any ability to transfer or access customer funds, access to Coinbase Prime accounts, and access to any hot or cold wallets of Coinbase or its customers were "not stolen."

Multiple Measures to Respond to the Attack, Refusing to Pay Ransom and Offering a Reward

After the incident, Coinbase took a series of response measures. First, it closely cooperated with law enforcement. The internal personnel responsible for the data leak were immediately fired and handed over to U.S. and international law enforcement, with Coinbase stating it would pursue criminal charges.

Secondly, it tracked the stolen funds. Coinbase collaborated with industry partners to tag the attackers' addresses for authorities to trace and recover assets. It also promised to compensate customers who were tricked into sending money to the attackers due to the social engineering attack. To further ensure the security of support operations, Coinbase will open a new support center in the U.S. and strengthen security controls and monitoring at all locations. In response to the $20 million ransom demanded by the attackers, Coinbase stated it would not pay. Meanwhile, Coinbase will establish a $20 million reward fund for information that leads to the arrest and conviction of the criminals behind this attack.

Coinbase Users Facing Social Engineering Attacks May Have Become the "Norm"

Although this series of response measures seems proactive, security incidents involving Coinbase appear to occur frequently, and the amounts stolen are substantial, especially in the social engineering scams faced by users. In February of this year, on-chain detective ZachXBT disclosed on platform X that Coinbase users lost over $65 million due to social engineering scams between December 2024 and January 2025. He stated that the estimated $65 million could be "far lower" than the actual amount, as it does not account for cases submitted to Coinbase's support department and the police.

ZachXBT listed multiple security incidents and criticized Coinbase for failing to properly handle such scams. "Coinbase needs to make urgent changes, as more and more users are scammed out of tens of millions of dollars each month. Other major trading platforms have not experienced similar situations."

ZachXBT also urged Coinbase's leadership to consider strengthening measures against social engineering attacks, including allowing KYC-verified users to optionally input their phone numbers on the platform, adding restrictions on withdrawals for new user accounts, and enhancing community outreach. These proposals may not have been adopted by Coinbase, but this ransom incident could serve as a wake-up call for Coinbase.
